NIP44: fix slow types
parent
fbc82d0b73
commit
27a536f41d
|
@ -266,4 +266,8 @@ This is free and unencumbered software released into the public domain. By submi
|
||||||
|
|
||||||
## Contributing to this repository
|
## Contributing to this repository
|
||||||
|
|
||||||
Use NIP-34 to send your patches to `naddr1qq9kummnw3ez6ar0dak8xqg5waehxw309aex2mrp0yhxummnw3ezucn8qyt8wumn8ghj7un9d3shjtnwdaehgu3wvfskueqpzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgq3q80cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsxpqqqpmejdv00jq`.
|
Use NIP-34 to send your patches to:
|
||||||
|
|
||||||
|
```
|
||||||
|
naddr1qq9kummnw3ez6ar0dak8xqg5waehxw309aex2mrp0yhxummnw3ezucn8qyt8wumn8ghj7un9d3shjtnwdaehgu3wvfskueqpzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgq3q80cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsxpqqqpmejdv00jq
|
||||||
|
```
|
||||||
|
|
85
nip44.ts
85
nip44.ts
|
@ -8,54 +8,59 @@ import { concatBytes, randomBytes, utf8ToBytes } from '@noble/hashes/utils'
|
||||||
import { base64 } from '@scure/base'
|
import { base64 } from '@scure/base'
|
||||||
|
|
||||||
const decoder = new TextDecoder()
|
const decoder = new TextDecoder()
|
||||||
const u = {
|
|
||||||
minPlaintextSize: 0x0001, // 1b msg => padded to 32b
|
|
||||||
maxPlaintextSize: 0xffff, // 65535 (64kb-1) => padded to 64kb
|
|
||||||
|
|
||||||
utf8Encode: utf8ToBytes,
|
class u {
|
||||||
utf8Decode(bytes: Uint8Array): string {
|
static minPlaintextSize = 0x0001 // 1b msg => padded to 32b
|
||||||
|
static maxPlaintextSize = 0xffff // 65535 (64kb-1) => padded to 64kb
|
||||||
|
|
||||||
|
static utf8Encode = utf8ToBytes
|
||||||
|
|
||||||
|
static utf8Decode(bytes: Uint8Array): string {
|
||||||
return decoder.decode(bytes)
|
return decoder.decode(bytes)
|
||||||
},
|
}
|
||||||
|
|
||||||
getConversationKey(privkeyA: string, pubkeyB: string): Uint8Array {
|
static getConversationKey(privkeyA: string, pubkeyB: string): Uint8Array {
|
||||||
const sharedX = secp256k1.getSharedSecret(privkeyA, '02' + pubkeyB).subarray(1, 33)
|
const sharedX = secp256k1.getSharedSecret(privkeyA, '02' + pubkeyB).subarray(1, 33)
|
||||||
return hkdf_extract(sha256, sharedX, 'nip44-v2')
|
return hkdf_extract(sha256, sharedX, 'nip44-v2')
|
||||||
},
|
}
|
||||||
|
|
||||||
getMessageKeys(conversationKey: Uint8Array, nonce: Uint8Array) {
|
static getMessageKeys(
|
||||||
|
conversationKey: Uint8Array,
|
||||||
|
nonce: Uint8Array,
|
||||||
|
): { chacha_key: Uint8Array; chacha_nonce: Uint8Array; hmac_key: Uint8Array } {
|
||||||
const keys = hkdf_expand(sha256, conversationKey, nonce, 76)
|
const keys = hkdf_expand(sha256, conversationKey, nonce, 76)
|
||||||
return {
|
return {
|
||||||
chacha_key: keys.subarray(0, 32),
|
chacha_key: keys.subarray(0, 32),
|
||||||
chacha_nonce: keys.subarray(32, 44),
|
chacha_nonce: keys.subarray(32, 44),
|
||||||
hmac_key: keys.subarray(44, 76),
|
hmac_key: keys.subarray(44, 76),
|
||||||
}
|
}
|
||||||
},
|
}
|
||||||
|
|
||||||
calcPaddedLen(len: number): number {
|
static calcPaddedLen(len: number): number {
|
||||||
if (!Number.isSafeInteger(len) || len < 1) throw new Error('expected positive integer')
|
if (!Number.isSafeInteger(len) || len < 1) throw new Error('expected positive integer')
|
||||||
if (len <= 32) return 32
|
if (len <= 32) return 32
|
||||||
const nextPower = 1 << (Math.floor(Math.log2(len - 1)) + 1)
|
const nextPower = 1 << (Math.floor(Math.log2(len - 1)) + 1)
|
||||||
const chunk = nextPower <= 256 ? 32 : nextPower / 8
|
const chunk = nextPower <= 256 ? 32 : nextPower / 8
|
||||||
return chunk * (Math.floor((len - 1) / chunk) + 1)
|
return chunk * (Math.floor((len - 1) / chunk) + 1)
|
||||||
},
|
}
|
||||||
|
|
||||||
writeU16BE(num: number): Uint8Array {
|
static writeU16BE(num: number): Uint8Array {
|
||||||
if (!Number.isSafeInteger(num) || num < u.minPlaintextSize || num > u.maxPlaintextSize)
|
if (!Number.isSafeInteger(num) || num < u.minPlaintextSize || num > u.maxPlaintextSize)
|
||||||
throw new Error('invalid plaintext size: must be between 1 and 65535 bytes')
|
throw new Error('invalid plaintext size: must be between 1 and 65535 bytes')
|
||||||
const arr = new Uint8Array(2)
|
const arr = new Uint8Array(2)
|
||||||
new DataView(arr.buffer).setUint16(0, num, false)
|
new DataView(arr.buffer).setUint16(0, num, false)
|
||||||
return arr
|
return arr
|
||||||
},
|
}
|
||||||
|
|
||||||
pad(plaintext: string): Uint8Array {
|
static pad(plaintext: string): Uint8Array {
|
||||||
const unpadded = u.utf8Encode(plaintext)
|
const unpadded = u.utf8Encode(plaintext)
|
||||||
const unpaddedLen = unpadded.length
|
const unpaddedLen = unpadded.length
|
||||||
const prefix = u.writeU16BE(unpaddedLen)
|
const prefix = u.writeU16BE(unpaddedLen)
|
||||||
const suffix = new Uint8Array(u.calcPaddedLen(unpaddedLen) - unpaddedLen)
|
const suffix = new Uint8Array(u.calcPaddedLen(unpaddedLen) - unpaddedLen)
|
||||||
return concatBytes(prefix, unpadded, suffix)
|
return concatBytes(prefix, unpadded, suffix)
|
||||||
},
|
}
|
||||||
|
|
||||||
unpad(padded: Uint8Array): string {
|
static unpad(padded: Uint8Array): string {
|
||||||
const unpaddedLen = new DataView(padded.buffer).getUint16(0)
|
const unpaddedLen = new DataView(padded.buffer).getUint16(0)
|
||||||
const unpadded = padded.subarray(2, 2 + unpaddedLen)
|
const unpadded = padded.subarray(2, 2 + unpaddedLen)
|
||||||
if (
|
if (
|
||||||
|
@ -66,13 +71,13 @@ const u = {
|
||||||
)
|
)
|
||||||
throw new Error('invalid padding')
|
throw new Error('invalid padding')
|
||||||
return u.utf8Decode(unpadded)
|
return u.utf8Decode(unpadded)
|
||||||
},
|
}
|
||||||
|
|
||||||
hmacAad(key: Uint8Array, message: Uint8Array, aad: Uint8Array): Uint8Array {
|
static hmacAad(key: Uint8Array, message: Uint8Array, aad: Uint8Array): Uint8Array {
|
||||||
if (aad.length !== 32) throw new Error('AAD associated data must be 32 bytes')
|
if (aad.length !== 32) throw new Error('AAD associated data must be 32 bytes')
|
||||||
const combined = concatBytes(aad, message)
|
const combined = concatBytes(aad, message)
|
||||||
return hmac(sha256, key, combined)
|
return hmac(sha256, key, combined)
|
||||||
},
|
}
|
||||||
|
|
||||||
// metadata: always 65b (version: 1b, nonce: 32b, max: 32b)
|
// metadata: always 65b (version: 1b, nonce: 32b, max: 32b)
|
||||||
// plaintext: 1b to 0xffff
|
// plaintext: 1b to 0xffff
|
||||||
|
@ -80,7 +85,7 @@ const u = {
|
||||||
// ciphertext: 32b+2 to 0xffff+2
|
// ciphertext: 32b+2 to 0xffff+2
|
||||||
// raw payload: 99 (65+32+2) to 65603 (65+0xffff+2)
|
// raw payload: 99 (65+32+2) to 65603 (65+0xffff+2)
|
||||||
// compressed payload (base64): 132b to 87472b
|
// compressed payload (base64): 132b to 87472b
|
||||||
decodePayload(payload: string): { nonce: Uint8Array; ciphertext: Uint8Array; mac: Uint8Array } {
|
static decodePayload(payload: string): { nonce: Uint8Array; ciphertext: Uint8Array; mac: Uint8Array } {
|
||||||
if (typeof payload !== 'string') throw new Error('payload must be a valid string')
|
if (typeof payload !== 'string') throw new Error('payload must be a valid string')
|
||||||
const plen = payload.length
|
const plen = payload.length
|
||||||
if (plen < 132 || plen > 87472) throw new Error('invalid payload length: ' + plen)
|
if (plen < 132 || plen > 87472) throw new Error('invalid payload length: ' + plen)
|
||||||
|
@ -100,30 +105,28 @@ const u = {
|
||||||
ciphertext: data.subarray(33, -32),
|
ciphertext: data.subarray(33, -32),
|
||||||
mac: data.subarray(-32),
|
mac: data.subarray(-32),
|
||||||
}
|
}
|
||||||
},
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function encrypt(plaintext: string, conversationKey: Uint8Array, nonce: Uint8Array = randomBytes(32)): string {
|
export class v2 {
|
||||||
const { chacha_key, chacha_nonce, hmac_key } = u.getMessageKeys(conversationKey, nonce)
|
static utils = u
|
||||||
const padded = u.pad(plaintext)
|
|
||||||
const ciphertext = chacha20(chacha_key, chacha_nonce, padded)
|
|
||||||
const mac = u.hmacAad(hmac_key, ciphertext, nonce)
|
|
||||||
return base64.encode(concatBytes(new Uint8Array([2]), nonce, ciphertext, mac))
|
|
||||||
}
|
|
||||||
|
|
||||||
function decrypt(payload: string, conversationKey: Uint8Array): string {
|
static encrypt(plaintext: string, conversationKey: Uint8Array, nonce: Uint8Array = randomBytes(32)): string {
|
||||||
const { nonce, ciphertext, mac } = u.decodePayload(payload)
|
const { chacha_key, chacha_nonce, hmac_key } = u.getMessageKeys(conversationKey, nonce)
|
||||||
const { chacha_key, chacha_nonce, hmac_key } = u.getMessageKeys(conversationKey, nonce)
|
const padded = u.pad(plaintext)
|
||||||
const calculatedMac = u.hmacAad(hmac_key, ciphertext, nonce)
|
const ciphertext = chacha20(chacha_key, chacha_nonce, padded)
|
||||||
if (!equalBytes(calculatedMac, mac)) throw new Error('invalid MAC')
|
const mac = u.hmacAad(hmac_key, ciphertext, nonce)
|
||||||
const padded = chacha20(chacha_key, chacha_nonce, ciphertext)
|
return base64.encode(concatBytes(new Uint8Array([2]), nonce, ciphertext, mac))
|
||||||
return u.unpad(padded)
|
}
|
||||||
}
|
|
||||||
|
|
||||||
export const v2 = {
|
static decrypt(payload: string, conversationKey: Uint8Array): string {
|
||||||
utils: u,
|
const { nonce, ciphertext, mac } = u.decodePayload(payload)
|
||||||
encrypt,
|
const { chacha_key, chacha_nonce, hmac_key } = u.getMessageKeys(conversationKey, nonce)
|
||||||
decrypt,
|
const calculatedMac = u.hmacAad(hmac_key, ciphertext, nonce)
|
||||||
|
if (!equalBytes(calculatedMac, mac)) throw new Error('invalid MAC')
|
||||||
|
const padded = chacha20(chacha_key, chacha_nonce, ciphertext)
|
||||||
|
return u.unpad(padded)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
export default { v2 }
|
export default { v2 }
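Review bot: `unpad` reads the length prefix with `new DataView(padded.buffer).getUint16(0)`, which starts at byte 0 of the underlying ArrayBuffer rather than at the start of the `padded` view, while the next line's `padded.subarray(2, 2 + unpaddedLen)` is relative to the view. If `padded` is ever a view with a non-zero `byteOffset`, the declared length and the padding check are computed from unrelated bytes; the line should be `const unpaddedLen = new DataView(padded.buffer, padded.byteOffset, padded.byteLength).getUint16(0)`. In `decrypt` the argument comes straight from `chacha20(...)`, so whether that path can hit this depends on the library returning a fresh buffer, but `unpad` is also reachable by callers through `static utils = u` on the exported `v2` class. The rest of the `unpad` condition lies outside the visible hunks.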
|
||||||
|
|