From: Chris Duncan
Date: Sun, 3 Aug 2025 06:13:43 +0000 (-0700)
Subject: Replace multiple gf definitions and redundant crypto_hash
X-Git-Tag: v0.10.5~46^2~36
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=3e950ec1f399c0bd5586b26f70e73a12beb569d0;p=libnemo.git
Replace multiple gf definitions and redundant crypto_hash
---
diff --git a/src/lib/nano-nacl.ts b/src/lib/nano-nacl.ts
index 3fdb793..09f0be1 100644
--- a/src/lib/nano-nacl.ts
+++ b/src/lib/nano-nacl.ts
@@ -24,16 +24,12 @@ export class NanoNaCl {
 static crypto_sign_PRIVATEKEYBYTES: 32 = 32
 static crypto_sign_SEEDBYTES: 32 = 32
- static gf = function (init?: number[]): Float64Array {
+ static gf (init: number[] = []): Float64Array {
 const r = new Float64Array(16)
- if (init) for (let i = 0; i < init.length; i++) {
- r[i] = init[i]
- }
+ r.set(init)
 return r
 }
- static gf0: Float64Array = this.gf()
- static gf1: Float64Array = this.gf([1])
 static D: Float64Array = this.gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203])
 static D2: Float64Array = this.gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406])
 static X: Float64Array = this.gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169])
@@ -211,11 +207,7 @@ export class NanoNaCl {
 }
 // Note: difference from TweetNaCl - BLAKE2b used to hash instead of SHA-512.
- static crypto_hash (out: Uint8Array, m: Uint8Array, n: number): number {
- const input = new Uint8Array(n)
- for (let i = 0; i < n; ++i) {
- input[i] = m[i]
- }
+ static crypto_hash (out: Uint8Array, m: Uint8Array): number {
 const hash = new Blake2b(64).update(m).digest()
 for (let i = 0; i < 64; ++i) {
 out[i] = hash[i]
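Review bot: In the first hunk, `gf` now fills the array with `r.set(init)`, which throws a RangeError when `init` has more than 16 entries, whereas the removed loop let out-of-range writes fall through silently. That stricter contract is worth stating on the method, for example `/** Returns a new 16-limb field element; init gives the low limbs (at most 16), the rest are zero. */`. Dropping the cached `gf0`/`gf1` also means each later hunk that swaps them for `this.gf()` or `this.gf([1])` builds a temporary array per call; that looks harmless at these call sites, but the comment could say that every call returns a fresh array.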
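Review bot: After this commit `crypto_hash` in the second hunk appears to have no callers left, since every call visible in this diff is replaced by an inline `new Blake2b(64).update(…).digest()`. If that holds for the rest of the file, the function should either be removed or stay the single place where the hash is chosen, with the call sites going through it; one helper keeps the BLAKE2b-for-SHA-512 deviation from TweetNaCl easier to audit than five inline copies. If it stays, a doc comment should state that `out` must hold at least 64 bytes, because the loop copies a fixed 64 and a shorter typed array drops the excess without an error. The function body continues past the end of the hunk.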
@@ -273,10 +265,10 @@ export class NanoNaCl {
 }
 static scalarmult (p: Float64Array[], q: Float64Array[], s: Uint8Array): void {
- this.set25519(p[0], this.gf0)
- this.set25519(p[1], this.gf1)
- this.set25519(p[2], this.gf1)
- this.set25519(p[3], this.gf0)
+ this.set25519(p[0], this.gf())
+ this.set25519(p[1], this.gf([1]))
+ this.set25519(p[2], this.gf([1]))
+ this.set25519(p[3], this.gf())
 for (let i = 255; i >= 0; --i) {
 const b = (s[(i / 8) | 0] >> (i & 7)) & 1
 this.cswap(p, q, b)
@@ -290,7 +282,7 @@ export class NanoNaCl {
 const q: Float64Array[] = [this.gf(), this.gf(), this.gf(), this.gf()]
 this.set25519(q[0], this.X)
 this.set25519(q[1], this.Y)
- this.set25519(q[2], this.gf1)
+ this.set25519(q[2], this.gf([1]))
 this.M(q[3], this.X, this.Y)
 this.scalarmult(p, q, s)
 }
@@ -342,13 +334,10 @@ export class NanoNaCl {
 // Note: difference from C - smlen returned, not passed as argument.
 static crypto_sign (sm: Uint8Array, m: Uint8Array, n: number, sk: Uint8Array, pk: Uint8Array): number {
- const d = new Uint8Array(64)
- const h = new Uint8Array(64)
- const r = new Uint8Array(64)
 const x = new Float64Array(64)
 const p: Float64Array[] = [this.gf(), this.gf(), this.gf(), this.gf()]
- this.crypto_hash(d, sk, 32)
+ const d = new Blake2b(64).update(sk).digest()
 d[0] &= 248
 d[31] &= 127
 d[31] |= 64
@@ -361,7 +350,7 @@ export class NanoNaCl {
 sm[32 + i] = d[32 + i]
 }
- this.crypto_hash(r, sm.subarray(32), n + 32)
+ const r = new Blake2b(64).update(sm.subarray(32)).digest()
 this.reduce(r)
 this.scalarbase(p, r)
 this.pack(sm, p)
@@ -369,7 +358,7 @@ export class NanoNaCl {
 for (let i = 0; i < 32; i++) {
 sm[i + 32] = pk[i]
 }
- this.crypto_hash(h, sm, n + 64)
+ const h = new Blake2b(64).update(sm).digest()
 this.reduce(h)
 for (let i = 0; i < 64; i++) {
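Review bot: The hash inputs in `crypto_sign` are no longer tied to the declared lengths: `update(sk)`, `update(sm.subarray(32))` and `update(sm)` hash to the end of whatever buffer the caller passed, where the removed calls named 32, `n + 32` and `n + 64`. The removed `crypto_hash` body in the second hunk shows that `n` only sized a copy that was never hashed, so the behaviour is not new, but this commit makes it permanent; a caller whose `sm` is longer than `n + 64`, or whose `sk` is not 32 bytes, would get a signature over different bytes than intended. Bounding the views keeps the hash on the signed range: `sm.subarray(32, n + 64)`, `sm.subarray(0, n + 64)` and `sk.subarray(0, 32)`. The same applies to `update(m)` in the `crypto_sign_open` hunk (`m.subarray(0, n)`) and to `update(s)` in the last hunk, where a mismatch would most likely show up as a verification failure or a different derived key. The callers are outside this diff, so whether the buffers are always exactly sized cannot be confirmed here.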
@@ -397,7 +386,7 @@ export class NanoNaCl {
 const den4: Float64Array = this.gf()
 const den6: Float64Array = this.gf()
- this.set25519(r[2], this.gf1)
+ this.set25519(r[2], this.gf([1]))
 this.unpack25519(r[1], p)
 this.S(num, r[1])
 this.M(den, num, this.D)
@@ -425,14 +414,13 @@ export class NanoNaCl {
 if (this.neq25519(chk, num)) return -1
- if (this.par25519(r[0]) === (p[31] >> 7)) this.Z(r[0], this.gf0, r[0])
+ if (this.par25519(r[0]) === (p[31] >> 7)) this.Z(r[0], this.gf(), r[0])
 this.M(r[3], r[0], r[1])
 return 0
 }
 static crypto_sign_open (m: Uint8Array, sm: Uint8Array, n: number, pk: Uint8Array): number {
 const t = new Uint8Array(32)
- const h = new Uint8Array(64)
 const p: Float64Array[] = [this.gf(), this.gf(), this.gf(), this.gf()]
 const q: Float64Array[] = [this.gf(), this.gf(), this.gf(), this.gf()]
@@ -446,7 +434,7 @@ export class NanoNaCl {
 for (let i = 0; i < 32; i++) {
 m[i + 32] = pk[i]
 }
- this.crypto_hash(h, m, n)
+ const h = new Blake2b(64).update(m).digest()
 this.reduce(h)
 this.scalarmult(p, q, h)
@@ -505,8 +493,7 @@ export class NanoNaCl {
 const pk = new Uint8Array(this.crypto_sign_PUBLICKEYBYTES)
 const p: Float64Array[] = [this.gf(), this.gf(), this.gf(), this.gf()]
- const hash = new Uint8Array(64)
- this.crypto_hash(hash, s, 64)
+ const hash = new Blake2b(64).update(s).digest()
 hash[0] &= 248
 hash[31] &= 127
 hash[31] |= 64