From a8bdb1d060834696fb7b9971af8dedfec7ad9f0d Mon Sep 17 00:00:00 2001 From: Christian Bundy Date: Tue, 8 Sep 2020 09:02:48 -0700 Subject: [PATCH] Remove extra API for Sodium-Native parity This API has some extra functions that aren't exported by Sodium-Native, so we probably don't want to expose them in Sodium-JavaScript. This removes all methods that aren't available in Sodium-Native, which simplifies `crypto_auth.js` and makes it much shorter (with much higher test coverage). --- crypto_auth.js | 73 ++++++-------------------------------------------- 1 file changed, 8 insertions(+), 65 deletions(-) diff --git a/crypto_auth.js b/crypto_auth.js index 79220e0..90acae5 100644 --- a/crypto_auth.js +++ b/crypto_auth.js @@ -1,50 +1,13 @@ /* eslint-disable camelcase */ -const { crypto_verify_32, crypto_verify_64 } = require('./crypto_verify') -const { sodium_memcmp } = require('./helpers') -const Sha256 = require('sha256-universal') +const { crypto_verify_32 } = require('./crypto_verify') const Sha512 = require('sha512-universal') const assert = require('nanoassert') -const crypto_auth_hmacsha256_BYTES = 32 -const crypto_auth_hmacsha256_KEYBYTES = 32 -const crypto_auth_hmacsha512_BYTES = 64 -const crypto_auth_hmacsha512_KEYBYTES = 32 -const crypto_auth_hmacsha512256_BYTES = 32 -const crypto_auth_hmacsha512256_KEYBYTES = 32 +const crypto_auth_BYTES = 32 +const crypto_auth_KEYBYTES = 32 -const crypto_auth_BYTES = crypto_auth_hmacsha512256_BYTES -const crypto_auth_KEYBYTES = crypto_auth_hmacsha512256_KEYBYTES - -function crypto_auth_hmacsha256 (out, input, k) { - assert(out.byteLength === crypto_auth_hmacsha256_BYTES, "out should be 'crypto_auth_hmacsha256_BYTES' in length") - - const hmac = Sha256.HMAC(k) - hmac.update(input) - return hmac.digest(out) -} - -function crypto_auth_hmacsha256_verify (h, input, k) { - const correct = Sha256.HMAC(k).update(input).digest() - - return crypto_verify_32(h, 0, correct, 0) && sodium_memcmp(correct, h) -} - -function crypto_auth_hmacsha512 (out, input, k) { - assert(out.byteLength === crypto_auth_hmacsha512_BYTES, "out should be 'crypto_auth_hmacsha512_BYTES' in length") - - const hmac = Sha512.HMAC(k) - hmac.update(input) - return hmac.digest(out) -} - -function crypto_auth_hmacsha512_verify (h, input, k) { - const correct = Sha512.HMAC(k).update(input).digest() - - return crypto_verify_64(h, 0, correct, 0) && sodium_memcmp(correct, h) -} - -function crypto_auth_hmacsha512256 (out, input, k) { - assert(out.byteLength === crypto_auth_hmacsha512256_BYTES, "out should be 'crypto_auth_hmacsha512256_BYTES' in length") +function crypto_auth (out, input, k) { + assert(out.byteLength === crypto_auth_BYTES, "out should be 'crypto_auth_BYTES' in length") const out0 = new Uint8Array(64) const hmac = Sha512.HMAC(k) @@ -54,35 +17,15 @@ function crypto_auth_hmacsha512256 (out, input, k) { out.set(out0.subarray(0, 32)) } -function crypto_auth_hmacsha512256_verify (h, input, k) { +function crypto_auth_verify (h, input, k) { const correct = Sha512.HMAC(k).update(input).digest() - return crypto_verify_32(h, 0, correct, 0) && sodium_memcmp(correct.subarray(0, 32), h) -} - -function crypto_auth (out, input, k) { - return crypto_auth_hmacsha512256(out, input, k) -} - -function crypto_auth_verify (h, input, k) { - return crypto_auth_hmacsha512256_verify(h, input, k) + return crypto_verify_32(h, 0, correct, 0) } module.exports = { crypto_auth_BYTES, crypto_auth_KEYBYTES, - crypto_auth_hmacsha256_BYTES, - crypto_auth_hmacsha256_KEYBYTES, - crypto_auth_hmacsha512_BYTES, - crypto_auth_hmacsha512_KEYBYTES, - crypto_auth_hmacsha512256_BYTES, - crypto_auth_hmacsha512256_KEYBYTES, crypto_auth, - crypto_auth_verify, - crypto_auth_hmacsha256, - crypto_auth_hmacsha256_verify, - crypto_auth_hmacsha512, - crypto_auth_hmacsha512256, - crypto_auth_hmacsha512256_verify, - crypto_auth_hmacsha512_verify + crypto_auth_verify }