From 0fba70b6fa0347d903e3c7248883a6ec6b601c76 Mon Sep 17 00:00:00 2001 From: Christophe Diederichs Date: Thu, 3 Sep 2020 12:49:05 +0200 Subject: [PATCH] add crypto_auth_hmac methods --- crypto_auth.js | 72 ++++++++++++++++++++++++++++++++++++++++++++++++ crypto_verify.js | 4 +++ index.js | 1 + package.json | 4 +-- 4 files changed, 79 insertions(+), 2 deletions(-) create mode 100644 crypto_auth.js diff --git a/crypto_auth.js b/crypto_auth.js new file mode 100644 index 0000000..3b8099f --- /dev/null +++ b/crypto_auth.js @@ -0,0 +1,72 @@ +/* eslint-disable camelcase */ +const { crypto_verify_32, crypto_verify_64 } = require('./crypto_verify') +const Sha256 = require('sha256-universal') +const Sha512 = require('sha512-universal') +const assert = require('nanoassert') + +const crypto_auth_hmacsha256_BYTES = 32 +const crypto_auth_hmacsha256_KEYBYTES = 32 +const crypto_auth_hmacsha512_BYTES = 64 +const crypto_auth_hmacsha512_KEYBYTES = 32 +const crypto_auth_hmacsha512256_BYTES = 32 +const crypto_auth_hmacsha512256_KEYBYTES = 32 + +function crypto_auth_hmacsha256 (out, input, k) { + assert(out.byteLength === crypto_auth_hmacsha256_BYTES, "out should be 'crypto_auth_hmacsha256_BYTES' in length") + + const hmac = Sha256.HMAC(key) + hmac.update(input) + return hmac.digest(out) +} + +function crypto_auth_hmacsha256_verify (h, input, k) { + const correct = Sha256.HMAC(k).update(input).digest() + + return crypto_verify_32(h, 0, correct, 0) | sodium_memcmp(correct, h, 32) +} + +function crypto_auth_hmacsha512 (out, input, k) { + assert(out.byteLength === crypto_auth_hmacsha512_BYTES, "out should be 'crypto_auth_hmacsha512_BYTES' in length") + + const hmac = Sha512.HMAC(key) + hmac.update(input) + return hmac.digest(out) +} + +function crypto_auth_hmacsha512_verify (h, input, k) { + const correct = Sha512.HMAC(k).update(input).digest() + + return crypto_verify_64(h, 0, correct, 0) | sodium_memcmp(correct, h, 64) +} + +function crypto_auth_hmacsha512256 (out, input, k) { + assert(out.byteLength === crypto_auth_hmacsha512_BYTES, "out should be 'crypto_auth_hmacsha512256_BYTES' in length") + + const out0 = Buffer.alloc(64) + const hmac = Sha512.HMAC(key) + hmac.update(input) + hmac.digest(out) + + out.set(out0.subarray(0, 32)) +} + +function crypto_auth_hmacsha512256_verify (h, input, k) { + const correct = Sha512.HMAC(k).update(input).digest() + + return crypto_verify_32(h, 0, correct, 0) | sodium_memcmp(correct, h, 32) +} + +module.exports = { + crypto_auth_hmacsha256_BYTES, + crypto_auth_hmacsha256_KEYBYTES, + crypto_auth_hmacsha512_BYTES, + crypto_auth_hmacsha512_KEYBYTES, + crypto_auth_hmacsha512256_BYTES, + crypto_auth_hmacsha512256_KEYBYTES, + crypto_auth_hmacsha256, + crypto_auth_hmacsha256_verify, + crypto_auth_hmacsha512, + crypto_auth_hmacsha512_verify, + crypto_auth_hmacsha512256, + crypto_auth_hmacsha512256_verify +} diff --git a/crypto_verify.js b/crypto_verify.js index f23ff3d..9b7e0c1 100644 --- a/crypto_verify.js +++ b/crypto_verify.js @@ -22,3 +22,7 @@ function crypto_verify_16 (x, xi, y, yi) { function crypto_verify_32 (x, xi, y, yi) { return vn(x, xi, y, yi, 32) } + +function crypto_verify_64 (x, xi, y, yi) { + return vn(x, xi, y, yi, 64) +} diff --git a/index.js b/index.js index 48a88bb..980fdd6 100644 --- a/index.js +++ b/index.js @@ -12,6 +12,7 @@ forward(require('./randombytes')) forward(require('./memory')) forward(require('./helpers')) forward(require('./crypto_verify')) +forward(require('./crypto_auth')) forward(require('./crypto_box')) forward(require('./crypto_generichash')) forward(require('./crypto_hash')) diff --git a/package.json b/package.json index e811952..dc91eab 100644 --- a/package.json +++ b/package.json @@ -7,8 +7,8 @@ "blake2b": "^2.1.1", "chacha20-universal": "^1.0.4", "nanoassert": "^2.0.0", - "sha256-universal": "^1.0.1", - "sha512-universal": "^1.0.1", + "sha256-universal": "^1.1.0", + "sha512-universal": "^1.1.0", "siphash24": "^1.0.1", "xsalsa20": "^1.0.0" },