From 689f7f23c309e9a6aef9bce3eed1fd78dc3e0b49 Mon Sep 17 00:00:00 2001 From: Chris Duncan Date: Sun, 17 Aug 2025 21:32:42 -0700 Subject: [PATCH] Condense array checks. Revert verify to calling crypto_sign_open directly. --- src/lib/crypto/nano-nacl.ts | 50 ++++++++++++++++++------------------- 1 file changed, 24 insertions(+), 26 deletions(-) diff --git a/src/lib/crypto/nano-nacl.ts b/src/lib/crypto/nano-nacl.ts index 45950ac..52bf2ab 100644 --- a/src/lib/crypto/nano-nacl.ts +++ b/src/lib/crypto/nano-nacl.ts @@ -509,18 +509,14 @@ export class NanoNaCl { if (!(signedMessage instanceof Uint8Array)) { throw new TypeError('Signed message must be Uint8Array') } - if (!(publicKey instanceof Uint8Array)) { - throw new TypeError('Public key must be Uint8Array') - } - if (publicKey.byteLength !== this.crypto_sign_PUBLICKEYBYTES) { - throw new Error(`Public key must be ${this.crypto_sign_PUBLICKEYBYTES} bytes`) + if (!(publicKey instanceof Uint8Array) || publicKey.byteLength !== this.crypto_sign_PUBLICKEYBYTES) { + throw new Error(`Public key must be ${this.crypto_sign_PUBLICKEYBYTES}-byte Uint8Array`) } const sm = new Uint8Array(signedMessage) + const smLen = sm.byteLength const pub = new Uint8Array(publicKey) - signedMessage = undefined - publicKey = undefined - const tmp = new Uint8Array(sm.length) - const mLen = this.crypto_sign_open(tmp, sm, sm.length, pub) + const tmp = new Uint8Array(smLen) + const mLen = this.crypto_sign_open(tmp, sm, smLen, pub) if (mLen < 0) { throw new Error('Signature verification failed') } @@ -545,19 +541,16 @@ export class NanoNaCl { if (!(message instanceof Uint8Array)) { throw new TypeError('Message must be Uint8Array') } - if (!(privateKey instanceof Uint8Array)) { - throw new TypeError('Private key must be Uint8Array') - } - if (privateKey.byteLength !== this.crypto_sign_SEEDBYTES) { - throw new Error(`Private key must be ${this.crypto_sign_PRIVATEKEYBYTES} bytes`) + if (!(privateKey instanceof Uint8Array) || privateKey.byteLength !== this.crypto_sign_SEEDBYTES) { + throw new Error(`Private key must be ${this.crypto_sign_PRIVATEKEYBYTES}-byte Uint8Array`) } - const msg = new Uint8Array(message) const prv = new Uint8Array(privateKey) - message = undefined privateKey = undefined - const signed = new Uint8Array(this.crypto_sign_BYTES + msg.length) + const mLen = message.byteLength + const msg = new Uint8Array(message) + const signed = new Uint8Array(this.crypto_sign_BYTES + mLen) const pub = this.convert(prv) - this.crypto_sign(signed, msg, msg.length, prv, pub) + this.crypto_sign(signed, msg, mLen, prv, pub) return signed } catch (err) { throw new Error('Failed to sign and return message', { cause: err }) @@ -578,16 +571,21 @@ export class NanoNaCl { if (!(signedMessage instanceof Uint8Array)) { throw new TypeError('Signed message must be Uint8Array') } - if (!(signature instanceof Uint8Array)) { - throw new TypeError('Signature must be Uint8Array') + if (!(signature instanceof Uint8Array) || signature.byteLength !== this.crypto_sign_BYTES) { + throw new Error(`Signature must be ${this.crypto_sign_BYTES}-byte Uint8Array`) } - if (signature.byteLength !== this.crypto_sign_BYTES) { - throw new Error(`Signature must be ${this.crypto_sign_BYTES} bytes`) + if (!(publicKey instanceof Uint8Array) || publicKey.byteLength !== this.crypto_sign_PUBLICKEYBYTES) { + throw new Error(`Public key must be ${this.crypto_sign_PUBLICKEYBYTES}-byte Uint8Array`) } - const sm = new Uint8Array(this.crypto_sign_BYTES + signedMessage.byteLength) - sm.set(signature, 0) - sm.set(signedMessage, this.crypto_sign_BYTES) - return (this.open(sm, publicKey as Uint8Array).byteLength >= 0) + const msg = new Uint8Array(signedMessage) + const sig = new Uint8Array(signature) + const pub = new Uint8Array(publicKey) + const smLen = this.crypto_sign_BYTES + msg.byteLength + const sm = new Uint8Array(smLen) + const m = new Uint8Array(smLen) + sm.set(sig, 0) + sm.set(msg, this.crypto_sign_BYTES) + return (this.crypto_sign_open(m, sm, smLen, pub) >= 0) } catch (err) { throw new Error('Failed to verify signature on message with the given public key', { cause: err }) } -- 2.47.3