]> git.codecow.com Git - nano25519.git/commitdiff
Clear WASM buffers prior to returning from each call.
authorChris Duncan <chris@codecow.com>
Fri, 26 Jun 2026 20:54:53 +0000 (13:54 -0700)
committerChris Duncan <chris@codecow.com>
Fri, 26 Jun 2026 20:54:53 +0000 (13:54 -0700)
src/lib/nano25519.ts

index 30ab33b22e59a697c3b0ffb1100aa2e6bde180f2..b9c97908d8ecaf9f7a00fb8d750f8b9b1cb01404 100644 (file)
@@ -80,10 +80,8 @@ const nano25519_init = (bytes: number[]): { derive: typeof derive, sign: typeof
                buffer = new DataView(exports.memory.buffer)
                for (let i = 0; i < 32; i++) {
                        sk[i] = buffer.getUint8(outPtr + i + 32)
-                       buffer.setUint8(outPtr + i, 0)
-                       buffer.setUint8(outPtr + i + 32, 0)
                }
-               buffer = undefined
+               clear(buffer)
                return typeof k === 'string'
                        ? [...sk].map(b => b.toString(16).padStart(2, '0')).join('')
                        : sk
@@ -107,9 +105,8 @@ const nano25519_init = (bytes: number[]): { derive: typeof derive, sign: typeof
                buffer = new DataView(exports.memory.buffer)
                for (let i = 0; i < 64; i++) {
                        s[i] = buffer.getUint8(outPtr + i)
-                       buffer.setUint8(outPtr + i, 0)
                }
-               buffer = undefined
+               clear(buffer)
                return typeof k === 'string'
                        ? [...s].map(b => b.toString(16).padStart(2, '0')).join('')
                        : s
@@ -137,11 +134,17 @@ const nano25519_init = (bytes: number[]): { derive: typeof derive, sign: typeof
                const v = new Uint8Array(1)
                buffer = new DataView(exports.memory.buffer)
                v[0] = buffer.getUint8(outPtr)
+               clear(buffer)
+               return v[0] === 0
+       }
+
+       function clear (buffer: DataView): void {
+               let inPtr = exports.getInputPointer()
+               let outPtr = exports.getOutputPointer()
                for (let i = 0; i < 64; i++) {
+                       buffer.setUint16(inPtr + i, 0)
                        buffer.setUint8(outPtr + i, 0)
                }
-               buffer = undefined
-               return v[0] === 0
        }
 
        function normalize (name: string, byteLengthMin: number, byteLengthMax: number, value: unknown): Uint8Array<ArrayBuffer> {
@@ -250,11 +253,6 @@ const nano25519_worker_init = ({ derive, sign, verify }: typeof nano25519) => {
                                }
                        }
                } catch (err: unknown) {
-                       let buffer: DataView | undefined = new DataView(exports.memory.buffer)
-                       let inPtr = exports.getInputPointer()
-                       for (let i = 0; i < 128; i++) {
-                               buffer.setUint8(inPtr + i, 0)
-                       }
                        if (typeof err === 'object' && err != null) {
                                const { message } = err as { [k: string]: unknown }
                                if (typeof message === 'string' && message !== 'divide by zero') {