[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-wallet-core] branch master updated: get rid of libsodium-sumo, i
|
From: |
gnunet |
|
Subject: |
[taler-wallet-core] branch master updated: get rid of libsodium-sumo, implement directly |
|
Date: |
Fri, 04 Feb 2022 00:50:31 +0100 |
This is an automated email from the git hooks/post-receive script.
dold pushed a commit to branch master
in repository wallet-core.
The following commit(s) were added to refs/heads/master by this push:
new 432bf7ab get rid of libsodium-sumo, implement directly
432bf7ab is described below
commit 432bf7aba2ed65a67254192b7498018f9d6b5372
Author: Florian Dold <florian@dold.me>
AuthorDate: Fri Feb 4 00:50:28 2022 +0100
get rid of libsodium-sumo, implement directly
---
packages/taler-util/package.json | 2 -
packages/taler-util/src/nacl-fast.ts | 297 +++++++++++++++-------------
packages/taler-util/src/talerCrypto.test.ts | 2 +-
packages/taler-util/src/talerCrypto.ts | 49 +++--
4 files changed, 186 insertions(+), 164 deletions(-)
diff --git a/packages/taler-util/package.json b/packages/taler-util/package.json
index 694fbcc4..575b754c 100644
--- a/packages/taler-util/package.json
+++ b/packages/taler-util/package.json
@@ -32,7 +32,6 @@
"pretty": "prettier --write src"
},
"devDependencies": {
- "@types/libsodium-wrappers-sumo": "^0.7.5",
"@types/node": "^17.0.8",
"ava": "^4.0.0",
"esbuild": "^0.14.10",
@@ -43,7 +42,6 @@
"dependencies": {
"big-integer": "^1.6.51",
"jed": "^1.1.1",
- "libsodium-wrappers-sumo": "^0.7.9",
"tslib": "^2.3.1"
},
"ava": {
diff --git a/packages/taler-util/src/nacl-fast.ts
b/packages/taler-util/src/nacl-fast.ts
index 500ac11c..809a1a48 100644
--- a/packages/taler-util/src/nacl-fast.ts
+++ b/packages/taler-util/src/nacl-fast.ts
@@ -24,94 +24,24 @@ const gf0 = gf();
const gf1 = gf([1]);
const _121665 = gf([0xdb41, 1]);
const D = gf([
- 0x78a3,
- 0x1359,
- 0x4dca,
- 0x75eb,
- 0xd8ab,
- 0x4141,
- 0x0a4d,
- 0x0070,
- 0xe898,
- 0x7779,
- 0x4079,
- 0x8cc7,
- 0xfe73,
- 0x2b6f,
- 0x6cee,
- 0x5203,
+ 0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898,
+ 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203,
]);
const D2 = gf([
- 0xf159,
- 0x26b2,
- 0x9b94,
- 0xebd6,
- 0xb156,
- 0x8283,
- 0x149a,
- 0x00e0,
- 0xd130,
- 0xeef3,
- 0x80f2,
- 0x198e,
- 0xfce7,
- 0x56df,
- 0xd9dc,
- 0x2406,
+ 0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130,
+ 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406,
]);
const X = gf([
- 0xd51a,
- 0x8f25,
- 0x2d60,
- 0xc956,
- 0xa7b2,
- 0x9525,
- 0xc760,
- 0x692c,
- 0xdc5c,
- 0xfdd6,
- 0xe231,
- 0xc0a4,
- 0x53fe,
- 0xcd6e,
- 0x36d3,
- 0x2169,
+ 0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c,
+ 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169,
]);
const Y = gf([
- 0x6658,
- 0x6666,
- 0x6666,
- 0x6666,
- 0x6666,
- 0x6666,
- 0x6666,
- 0x6666,
- 0x6666,
- 0x6666,
- 0x6666,
- 0x6666,
- 0x6666,
- 0x6666,
- 0x6666,
- 0x6666,
+ 0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666,
+ 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666,
]);
const I = gf([
- 0xa0b0,
- 0x4a0e,
- 0x1b27,
- 0xc4ee,
- 0xe478,
- 0xad2f,
- 0x1806,
- 0x2f43,
- 0xd7a7,
- 0x3dfb,
- 0x0099,
- 0x2b4d,
- 0xdf0b,
- 0x4fc1,
- 0x2480,
- 0x2b83,
+ 0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7,
+ 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83,
]);
function ts64(x: Uint8Array, i: number, h: number, l: number): void {
@@ -653,22 +583,7 @@ function core_hsalsa20(
}
var sigma = new Uint8Array([
- 101,
- 120,
- 112,
- 97,
- 110,
- 100,
- 32,
- 51,
- 50,
- 45,
- 98,
- 121,
- 116,
- 101,
- 32,
- 107,
+ 101, 120, 112, 97, 110, 100, 32, 51, 50, 45, 98, 121, 116, 101, 32, 107,
]);
// "expand 32-byte k"
@@ -1854,6 +1769,74 @@ function crypto_scalarmult_base(q: Uint8Array, n:
Uint8Array): number {
return crypto_scalarmult(q, n, _9);
}
+function crypto_scalarmult_noclamp(
+ q: Uint8Array,
+ n: Uint8Array,
+ p: Uint8Array,
+): number {
+ const z = new Uint8Array(32);
+ const x = new Float64Array(80);
+ let r;
+ let i;
+ const a = gf(),
+ b = gf(),
+ c = gf(),
+ d = gf(),
+ e = gf(),
+ f = gf();
+ for (i = 0; i < 31; i++) z[i] = n[i];
+ unpack25519(x, p);
+ for (i = 0; i < 16; i++) {
+ b[i] = x[i];
+ d[i] = a[i] = c[i] = 0;
+ }
+ a[0] = d[0] = 1;
+ for (i = 254; i >= 0; --i) {
+ r = (z[i >>> 3] >>> (i & 7)) & 1;
+ sel25519(a, b, r);
+ sel25519(c, d, r);
+ A(e, a, c);
+ Z(a, a, c);
+ A(c, b, d);
+ Z(b, b, d);
+ S(d, e);
+ S(f, a);
+ M(a, c, a);
+ M(c, b, e);
+ A(e, a, c);
+ Z(a, a, c);
+ S(b, a);
+ Z(c, d, f);
+ M(a, c, _121665);
+ A(a, a, d);
+ M(c, c, a);
+ M(a, d, f);
+ M(d, b, x);
+ S(b, e);
+ sel25519(a, b, r);
+ sel25519(c, d, r);
+ }
+ for (i = 0; i < 16; i++) {
+ x[i + 16] = a[i];
+ x[i + 32] = c[i];
+ x[i + 48] = b[i];
+ x[i + 64] = d[i];
+ }
+ const x32 = x.subarray(32);
+ const x16 = x.subarray(16);
+ inv25519(x32, x32);
+ M(x16, x16, x32);
+ pack25519(q, x16);
+ return 0;
+}
+
+export function crypto_scalarmult_base_noclamp(
+ q: Uint8Array,
+ n: Uint8Array,
+): number {
+ return crypto_scalarmult_noclamp(q, n, _9);
+}
+
// prettier-ignore
const K = [
0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd,
@@ -2533,6 +2516,9 @@ function pack(r: Uint8Array, p: Float64Array[]): void {
r[31] ^= par25519(tx) << 7;
}
+/**
+ * Ed25519 scalar multiplication
+ */
function scalarmult(p: Float64Array[], q: Float64Array[], s: Uint8Array): void
{
let b, i;
set25519(p[0], gf0);
@@ -2579,38 +2565,8 @@ function crypto_sign_keypair(
}
const L = new Float64Array([
- 0xed,
- 0xd3,
- 0xf5,
- 0x5c,
- 0x1a,
- 0x63,
- 0x12,
- 0x58,
- 0xd6,
- 0x9c,
- 0xf7,
- 0xa2,
- 0xde,
- 0xf9,
- 0xde,
- 0x14,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0x10,
+ 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde,
+ 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10,
]);
function modL(r: Uint8Array, x: Float64Array): void {
@@ -2689,6 +2645,18 @@ function crypto_sign(
return smlen;
}
+function unpackpos(r: Float64Array[], p: Uint8Array): number {
+ // FIXME: implement directly
+ const q = [gf(), gf(), gf(), gf()];
+ if (unpackneg(q, p)) return -1;
+ const scalar0 = new Uint8Array(32);
+ const scalar1 = new Uint8Array(32);
+ scalar1[0] = 1;
+ const scalarNeg1 = crypto_core_ed25519_scalar_sub(scalar0, scalar1);
+ scalarmult(r, q, scalarNeg1);
+ return 0;
+}
+
function unpackneg(r: Float64Array[], p: Uint8Array): number {
const t = gf();
const chk = gf();
@@ -2731,6 +2699,45 @@ function unpackneg(r: Float64Array[], p: Uint8Array):
number {
return 0;
}
+export function crypto_scalarmult_ed25519_base_noclamp(
+ s: Uint8Array,
+): Uint8Array {
+ const r = new Uint8Array(32);
+ const p = [gf(), gf(), gf(), gf()];
+
+ scalarbase(p, s);
+ pack(r, p);
+ return r;
+}
+
+export function crypto_scalarmult_ed25519_noclamp(
+ s: Uint8Array,
+ q: Uint8Array,
+): Uint8Array {
+ const r = new Uint8Array(32);
+ const p = [gf(), gf(), gf(), gf()];
+ const ql = [gf(), gf(), gf(), gf()];
+
+ if (unpackpos(ql, q)) throw new Error();
+ scalarmult(p, ql, s);
+ pack(r, p);
+ return r;
+}
+
+export function crypto_core_ed25519_add(
+ p1: Uint8Array,
+ p2: Uint8Array,
+): Uint8Array {
+ const q1 = [gf(), gf(), gf(), gf()];
+ const q2 = [gf(), gf(), gf(), gf()];
+ const res = new Uint8Array(32);
+ if (unpackpos(q1, p1)) throw new Error();
+ if (unpackpos(q2, p2)) throw new Error();
+ add(q1, q2);
+ pack(res, q1);
+ return res;
+}
+
function crypto_sign_open(
m: Uint8Array,
sm: Uint8Array,
@@ -2905,9 +2912,7 @@ export function x25519_edwards_keyPair_fromSecretKey(
return pk;
}
-export function crypto_sign_keyPair_fromSecretKey(
- secretKey: Uint8Array,
-): {
+export function crypto_sign_keyPair_fromSecretKey(secretKey: Uint8Array): {
publicKey: Uint8Array;
secretKey: Uint8Array;
} {
@@ -2919,9 +2924,7 @@ export function crypto_sign_keyPair_fromSecretKey(
return { publicKey: pk, secretKey: new Uint8Array(secretKey) };
}
-export function crypto_sign_keyPair_fromSeed(
- seed: Uint8Array,
-): {
+export function crypto_sign_keyPair_fromSeed(seed: Uint8Array): {
publicKey: Uint8Array;
secretKey: Uint8Array;
} {
@@ -3016,3 +3019,29 @@ export function secretbox_open(
if (crypto_secretbox_open(m, c, c.length, nonce, key) !== 0) return
undefined;
return m.subarray(crypto_secretbox_ZEROBYTES);
}
+
+export function crypto_core_ed25519_scalar_add(
+ x: Uint8Array,
+ y: Uint8Array,
+): Uint8Array {
+ const z = new Float64Array(64);
+ for (let i = 0; i < 32; i++) {
+ z[i] = x[i] + y[i];
+ }
+ const o = new Uint8Array(32);
+ modL(o, z);
+ return o;
+}
+
+export function crypto_core_ed25519_scalar_sub(
+ x: Uint8Array,
+ y: Uint8Array,
+): Uint8Array {
+ const z = new Float64Array(64);
+ for (let i = 0; i < 32; i++) {
+ z[i] = x[i] - y[i];
+ }
+ const o = new Uint8Array(32);
+ modL(o, z);
+ return o;
+}
diff --git a/packages/taler-util/src/talerCrypto.test.ts
b/packages/taler-util/src/talerCrypto.test.ts
index 35046359..70ad8a61 100644
--- a/packages/taler-util/src/talerCrypto.test.ts
+++ b/packages/taler-util/src/talerCrypto.test.ts
@@ -303,7 +303,7 @@ test("taler CS blind c", async (t) => {
decodeCrock("P3MECYGCCR58QVEDSW443699CDXVT8C8W5ZT22PPNRJ363M72H6G"),
);
- const rBlind = calcRBlind(pub, secrets, rPub);
+ const rBlind = await calcRBlind(pub, secrets, rPub);
t.deepEqual(
rBlind[0],
decodeCrock("CHK7JC4SXZ4Y9RDA3881S82F7BP99H35Q361WR6RBXN5YN2ZM1M0"),
diff --git a/packages/taler-util/src/talerCrypto.ts
b/packages/taler-util/src/talerCrypto.ts
index 90d52ca7..c2640317 100644
--- a/packages/taler-util/src/talerCrypto.ts
+++ b/packages/taler-util/src/talerCrypto.ts
@@ -24,7 +24,6 @@
import * as nacl from "./nacl-fast.js";
import { kdf } from "./kdf.js";
import bigint from "big-integer";
-import sodium from "libsodium-wrappers-sumo";
import { DenominationPubKey, DenomKeyType } from "./talerTypes.js";
import { AssertionError, equal } from "assert";
@@ -410,13 +409,12 @@ export function deriveSecrets(bseed: Uint8Array):
CsBlindingSecrets {
}
/**
- * Used for testing, simple scalar multiplication with base point of Cuve25519
+ * Used for testing, simple scalar multiplication with base point of Ed25519
* @param s scalar
* @returns new point sG
*/
export async function scalarMultBase25519(s: Uint8Array): Promise<Uint8Array> {
- await sodium.ready;
- return sodium.crypto_scalarmult_ed25519_base_noclamp(s);
+ return nacl.crypto_scalarmult_ed25519_base_noclamp(s);
}
/**
@@ -425,22 +423,22 @@ export async function scalarMultBase25519(s: Uint8Array):
Promise<Uint8Array> {
* @param secrets client blinding secrets
* @param rPub public R received from /csr API
*/
-export function calcRBlind(
+export async function calcRBlind(
csPub: Uint8Array,
secrets: CsBlindingSecrets,
rPub: [Uint8Array, Uint8Array],
-): [Uint8Array, Uint8Array] {
- const aG0 = sodium.crypto_scalarmult_ed25519_base_noclamp(secrets.alpha[0]);
- const aG1 = sodium.crypto_scalarmult_ed25519_base_noclamp(secrets.alpha[1]);
+): Promise<[Uint8Array, Uint8Array]> {
+ const aG0 = nacl.crypto_scalarmult_ed25519_base_noclamp(secrets.alpha[0]);
+ const aG1 = nacl.crypto_scalarmult_ed25519_base_noclamp(secrets.alpha[1]);
- const bDp0 = sodium.crypto_scalarmult_ed25519_noclamp(secrets.beta[0],
csPub);
- const bDp1 = sodium.crypto_scalarmult_ed25519_noclamp(secrets.beta[1],
csPub);
+ const bDp0 = nacl.crypto_scalarmult_ed25519_noclamp(secrets.beta[0], csPub);
+ const bDp1 = nacl.crypto_scalarmult_ed25519_noclamp(secrets.beta[1], csPub);
- const res0 = sodium.crypto_core_ed25519_add(aG0, bDp0);
- const res1 = sodium.crypto_core_ed25519_add(aG1, bDp1);
+ const res0 = nacl.crypto_core_ed25519_add(aG0, bDp0);
+ const res1 = nacl.crypto_core_ed25519_add(aG1, bDp1);
return [
- sodium.crypto_core_ed25519_add(rPub[0], res0),
- sodium.crypto_core_ed25519_add(rPub[1], res1),
+ nacl.crypto_core_ed25519_add(rPub[0], res0),
+ nacl.crypto_core_ed25519_add(rPub[1], res1),
];
}
@@ -466,7 +464,7 @@ function csFDH(
const L = bigint.fromArray(lMod, 256, false);
const info = stringToBytes("Curve25519FDH");
- const preshash = sodium.crypto_hash_sha512(typedArrayConcat([rPub, hm]));
+ const preshash = nacl.hash(typedArrayConcat([rPub, hm]));
return csKdfMod(L, preshash, csPub, info).reverse();
}
@@ -514,14 +512,13 @@ export async function csBlind(
csPub: Uint8Array,
hm: Uint8Array,
): Promise<[Uint8Array, Uint8Array]> {
- await sodium.ready;
const secrets = deriveSecrets(bseed);
- const rPubBlind = calcRBlind(csPub, secrets, rPub);
+ const rPubBlind = await calcRBlind(csPub, secrets, rPub);
const c_0 = csFDH(hm, rPubBlind[0], csPub);
const c_1 = csFDH(hm, rPubBlind[1], csPub);
return [
- sodium.crypto_core_ed25519_scalar_add(c_0, secrets.beta[0]),
- sodium.crypto_core_ed25519_scalar_add(c_1, secrets.beta[1]),
+ nacl.crypto_core_ed25519_scalar_add(c_0, secrets.beta[0]),
+ nacl.crypto_core_ed25519_scalar_add(c_1, secrets.beta[1]),
];
}
@@ -544,11 +541,10 @@ export async function csUnblind(
if (b != 0 && b != 1) {
throw new AssertionError();
}
- await sodium.ready;
const secrets = deriveSecrets(bseed);
- const rPubDash = calcRBlind(csPub, secrets, rPub)[b];
+ const rPubDash = (await calcRBlind(csPub, secrets, rPub))[b];
const sig: CsSignature = {
- s: sodium.crypto_core_ed25519_scalar_add(csSig.sBlind, secrets.alpha[b]),
+ s: nacl.crypto_core_ed25519_scalar_add(csSig.sBlind, secrets.alpha[b]),
rPub: rPubDash,
};
return sig;
@@ -566,12 +562,11 @@ export async function csVerify(
csSig: CsSignature,
csPub: Uint8Array,
): Promise<boolean> {
- await sodium.ready;
const cDash = csFDH(hm, csSig.rPub, csPub);
- const sG = sodium.crypto_scalarmult_ed25519_base_noclamp(csSig.s);
- const cbDp = sodium.crypto_scalarmult_ed25519_noclamp(cDash, csPub);
- const sGeq = sodium.crypto_core_ed25519_add(csSig.rPub, cbDp);
- return sodium.memcmp(sG, sGeq);
+ const sG = nacl.crypto_scalarmult_ed25519_base_noclamp(csSig.s);
+ const cbDp = nacl.crypto_scalarmult_ed25519_noclamp(cDash, csPub);
+ const sGeq = nacl.crypto_core_ed25519_add(csSig.rPub, cbDp);
+ return nacl.verify(sG, sGeq);
}
export interface EddsaKeyPair {
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-wallet-core] branch master updated: get rid of libsodium-sumo, implement directly,
gnunet <=