@noble/hashes
Advanced tools
@noble/hashes - npm Package Compare versions
Comparing version 0.5.9 to 1.0.0
@@ -42,2 +42,7 @@ import * as blake2 from './_blake2.js'; | ||
| } | ||
| /** | ||
| * BLAKE2b - optimized for 64-bit platforms. JS doesn't have uint64, so it's slower than BLAKE2s. | ||
| * @param msg - message that would be hashed | ||
| * @param opts - dkLen, key, salt, personalization | ||
| */ | ||
| export declare const blake2b: { | ||
@@ -48,4 +53,3 @@ (msg: import("./utils.js").Input, opts?: blake2.BlakeOpts | undefined): Uint8Array; | ||
| create(opts: blake2.BlakeOpts): import("./utils.js").Hash<BLAKE2b>; | ||
| init: (opts: blake2.BlakeOpts) => import("./utils.js").Hash<BLAKE2b>; | ||
| }; | ||
| export {}; |
@@ -205,2 +205,7 @@ "use strict"; | ||
| } | ||
| /** | ||
| * BLAKE2b - optimized for 64-bit platforms. JS doesn't have uint64, so it's slower than BLAKE2s. | ||
| * @param msg - message that would be hashed | ||
| * @param opts - dkLen, key, salt, personalization | ||
| */ | ||
| exports.blake2b = (0, utils_js_1.wrapConstructorWithOpts)((opts) => new BLAKE2b(opts)); |
@@ -36,2 +36,7 @@ import * as blake2 from './_blake2.js'; | ||
| } | ||
| /** | ||
| * BLAKE2s - optimized for 32-bit platforms. JS doesn't have uint64, so it's faster than BLAKE2b. | ||
| * @param msg - message that would be hashed | ||
| * @param opts - dkLen, key, salt, personalization | ||
| */ | ||
| export declare const blake2s: { | ||
@@ -42,4 +47,3 @@ (msg: import("./utils.js").Input, opts?: blake2.BlakeOpts | undefined): Uint8Array; | ||
| create(opts: blake2.BlakeOpts): import("./utils.js").Hash<BLAKE2s>; | ||
| init: (opts: blake2.BlakeOpts) => import("./utils.js").Hash<BLAKE2s>; | ||
| }; | ||
| export {}; |
@@ -137,2 +137,7 @@ "use strict"; | ||
| } | ||
| /** | ||
| * BLAKE2s - optimized for 32-bit platforms. JS doesn't have uint64, so it's faster than BLAKE2b. | ||
| * @param msg - message that would be hashed | ||
| * @param opts - dkLen, key, salt, personalization | ||
| */ | ||
| exports.blake2s = (0, utils_js_1.wrapConstructorWithOpts)((opts) => new BLAKE2s(opts)); |
@@ -35,2 +35,7 @@ import * as blake2 from './_blake2.js'; | ||
| } | ||
| /** | ||
| * BLAKE3 hash function. | ||
| * @param msg - message that would be hashed | ||
| * @param opts - dkLen, key, context | ||
| */ | ||
| export declare const blake3: { | ||
@@ -41,4 +46,3 @@ (msg: Input, opts?: Blake3Opts | undefined): Uint8Array; | ||
| create(opts: Blake3Opts): import("./utils.js").Hash<BLAKE3>; | ||
| init: (opts: Blake3Opts) => import("./utils.js").Hash<BLAKE3>; | ||
| }; | ||
| export {}; |
@@ -255,2 +255,7 @@ "use strict"; | ||
| } | ||
| /** | ||
| * BLAKE3 hash function. | ||
| * @param msg - message that would be hashed | ||
| * @param opts - dkLen, key, context | ||
| */ | ||
| exports.blake3 = (0, utils_js_1.wrapConstructorWithOpts)((opts) => new BLAKE3(opts)); |
| export declare function scrypt(password: string, salt: string): Uint8Array; | ||
| export declare function pbkdf2(password: string, salt: string): Uint8Array; | ||
| /** | ||
| * Derives main seed. Takes a lot of time. | ||
| * Prefer `eskdf` method instead. | ||
| */ | ||
| export declare function deriveMainSeed(username: string, password: string): Uint8Array; | ||
| /** | ||
| * Derives a child key. Prefer `eskdf` method instead. | ||
| * @example deriveChildKey(seed, 'aes', 0) | ||
| */ | ||
| export declare function deriveChildKey(seed: Uint8Array, protocol: string, accountId?: number | string, keyLength?: number): Uint8Array; | ||
| declare type ESKDF = Promise<Readonly<{ | ||
| /** | ||
| * Derives a child key. Child key will not be associated with any | ||
| * other child key because of properties of underlying KDF. | ||
| * @param protocol - 3-15 character protocol name | ||
| * @param accountId - numeric identifier of account | ||
| * @param keyLength - (default: 32) key length | ||
| * @example deriveChildKey('aes', 0) | ||
| */ | ||
| deriveChildKey: (protocol: string, accountId: number | string) => Uint8Array; | ||
| /** | ||
| * Deletes the main seed from eskdf instance | ||
| */ | ||
| expire: () => void; | ||
| /** | ||
| * Account fingerprint | ||
| */ | ||
| fingerprint: string; | ||
| }>>; | ||
| /** | ||
| * ESKDF | ||
| * @param username - username, email, or identifier, min: 8 characters, should have enough entropy | ||
| * @param password - password, min: 8 characters, should have enough entropy | ||
| * @example | ||
| * const kdf = await eskdf('example-university', 'beginning-new-example'); | ||
| * const key = kdf.deriveChildKey('aes', 0); | ||
| * console.log(kdf.fingerprint); | ||
| * kdf.expire(); | ||
| */ | ||
| export declare function eskdf(username: string, password: string): ESKDF; | ||
| export {}; |
35
eskdf.js
@@ -10,8 +10,2 @@ "use strict"; | ||
| // A tiny KDF for various applications like AES key-gen | ||
| // | ||
| // const kdf = await eskdf('example-university', 'beginning-new-example'); | ||
| // const key = kdf.deriveChildKey('aes', 0); | ||
| // console.log(kdf.fingerprint); | ||
| // kdf.expire(); | ||
| // | ||
| const SCRYPT_FACTOR = 2 ** 19; | ||
@@ -43,4 +37,6 @@ const PBKDF2_FACTOR = 2 ** 17; | ||
| } | ||
| // Derives main key. Takes a lot of time. | ||
| // username and password must have enough entropy. | ||
| /** | ||
| * Derives main seed. Takes a lot of time. | ||
| * Prefer `eskdf` method instead. | ||
| */ | ||
| function deriveMainSeed(username, password) { | ||
@@ -59,5 +55,6 @@ if (!strHasLength(username, 8, 255)) | ||
| exports.deriveMainSeed = deriveMainSeed; | ||
| // Derives a child key. Child key cannot be associated with any other child key | ||
| // because of properties of underlying KDF. | ||
| // deriveChildKey(seed, 'aes'); | ||
| /** | ||
| * Derives a child key. Prefer `eskdf` method instead. | ||
| * @example deriveChildKey(seed, 'aes', 0) | ||
| */ | ||
| function deriveChildKey(seed, protocol, accountId = 0, keyLength = 32) { | ||
@@ -93,5 +90,15 @@ (0, utils_js_1.assertBytes)(seed, 32); | ||
| exports.deriveChildKey = deriveChildKey; | ||
| // We are using closure + object instead of class because | ||
| // we want to make `seed` non-accessible for any external function. | ||
| /** | ||
| * ESKDF | ||
| * @param username - username, email, or identifier, min: 8 characters, should have enough entropy | ||
| * @param password - password, min: 8 characters, should have enough entropy | ||
| * @example | ||
| * const kdf = await eskdf('example-university', 'beginning-new-example'); | ||
| * const key = kdf.deriveChildKey('aes', 0); | ||
| * console.log(kdf.fingerprint); | ||
| * kdf.expire(); | ||
| */ | ||
| async function eskdf(username, password) { | ||
| // We are using closure + object instead of class because | ||
| // we want to make `seed` non-accessible for any external function. | ||
| let seed = await deriveMainSeed(username, password); | ||
@@ -103,2 +110,4 @@ function derive(protocol, accountId = 0) { | ||
| function expire() { | ||
| if (seed) | ||
| seed.fill(1); | ||
| seed = undefined; | ||
@@ -105,0 +114,0 @@ } |
@@ -183,2 +183,7 @@ import * as blake2 from './_blake2.js'; | ||
| } | ||
| /** | ||
| * BLAKE2b - optimized for 64-bit platforms. JS doesn't have uint64, so it's slower than BLAKE2s. | ||
| * @param msg - message that would be hashed | ||
| * @param opts - dkLen, key, salt, personalization | ||
| */ | ||
| export const blake2b = wrapConstructorWithOpts((opts) => new BLAKE2b(opts)); |
@@ -114,2 +114,7 @@ import * as u64 from './_u64.js'; | ||
| } | ||
| /** | ||
| * BLAKE2s - optimized for 32-bit platforms. JS doesn't have uint64, so it's faster than BLAKE2b. | ||
| * @param msg - message that would be hashed | ||
| * @param opts - dkLen, key, salt, personalization | ||
| */ | ||
| export const blake2s = wrapConstructorWithOpts((opts) => new BLAKE2s(opts)); |
@@ -233,2 +233,7 @@ import * as u64 from './_u64.js'; | ||
| } | ||
| /** | ||
| * BLAKE3 hash function. | ||
| * @param msg - message that would be hashed | ||
| * @param opts - dkLen, key, context | ||
| */ | ||
| export const blake3 = wrapConstructorWithOpts((opts) => new BLAKE3(opts)); |
@@ -7,8 +7,2 @@ import { hkdf } from './hkdf.js'; | ||
| // A tiny KDF for various applications like AES key-gen | ||
| // | ||
| // const kdf = await eskdf('example-university', 'beginning-new-example'); | ||
| // const key = kdf.deriveChildKey('aes', 0); | ||
| // console.log(kdf.fingerprint); | ||
| // kdf.expire(); | ||
| // | ||
| const SCRYPT_FACTOR = 2 ** 19; | ||
@@ -38,4 +32,6 @@ const PBKDF2_FACTOR = 2 ** 17; | ||
| } | ||
| // Derives main key. Takes a lot of time. | ||
| // username and password must have enough entropy. | ||
| /** | ||
| * Derives main seed. Takes a lot of time. | ||
| * Prefer `eskdf` method instead. | ||
| */ | ||
| export function deriveMainSeed(username, password) { | ||
@@ -53,5 +49,6 @@ if (!strHasLength(username, 8, 255)) | ||
| } | ||
| // Derives a child key. Child key cannot be associated with any other child key | ||
| // because of properties of underlying KDF. | ||
| // deriveChildKey(seed, 'aes'); | ||
| /** | ||
| * Derives a child key. Prefer `eskdf` method instead. | ||
| * @example deriveChildKey(seed, 'aes', 0) | ||
| */ | ||
| export function deriveChildKey(seed, protocol, accountId = 0, keyLength = 32) { | ||
@@ -86,5 +83,15 @@ assertBytes(seed, 32); | ||
| } | ||
| // We are using closure + object instead of class because | ||
| // we want to make `seed` non-accessible for any external function. | ||
| /** | ||
| * ESKDF | ||
| * @param username - username, email, or identifier, min: 8 characters, should have enough entropy | ||
| * @param password - password, min: 8 characters, should have enough entropy | ||
| * @example | ||
| * const kdf = await eskdf('example-university', 'beginning-new-example'); | ||
| * const key = kdf.deriveChildKey('aes', 0); | ||
| * console.log(kdf.fingerprint); | ||
| * kdf.expire(); | ||
| */ | ||
| export async function eskdf(username, password) { | ||
| // We are using closure + object instead of class because | ||
| // we want to make `seed` non-accessible for any external function. | ||
| let seed = await deriveMainSeed(username, password); | ||
@@ -96,2 +103,4 @@ function derive(protocol, accountId = 0) { | ||
| function expire() { | ||
| if (seed) | ||
| seed.fill(1); | ||
| seed = undefined; | ||
@@ -98,0 +107,0 @@ } |
@@ -1,10 +0,18 @@ | ||
| // prettier-ignore | ||
| import { assertHash, assertNumber, toBytes } from './utils.js'; | ||
| import { hmac } from './hmac.js'; | ||
| // HKDF (RFC 5869) | ||
| // HKDF-Extract(IKM, salt) -> PRK NOTE: arguments position differs from spec (IKM is first one, since it is not optional) | ||
| export function hkdf_extract(hash, ikm, salt) { | ||
| // https://soatok.blog/2021/11/17/understanding-hkdf/ | ||
| /** | ||
| * HKDF-Extract(IKM, salt) -> PRK | ||
| * Arguments position differs from spec (IKM is first one, since it is not optional) | ||
| * @param hash | ||
| * @param ikm | ||
| * @param salt | ||
| * @returns | ||
| */ | ||
| export function extract(hash, ikm, salt) { | ||
| assertHash(hash); | ||
| // NOTE: some libraries treats zero-length array as 'not provided', we don't, since we have undefined as 'not provided' | ||
| // More info: https://github.com/RustCrypto/KDFs/issues/15 | ||
| // NOTE: some libraries treat zero-length array as 'not provided'; | ||
| // we don't, since we have undefined as 'not provided' | ||
| // https://github.com/RustCrypto/KDFs/issues/15 | ||
| if (salt === undefined) | ||
@@ -17,6 +25,9 @@ salt = new Uint8Array(hash.outputLen); // if not provided, it is set to a string of HashLen zeros | ||
| const EMPTY_BUFFER = new Uint8Array(); | ||
| export function hkdf_expand(hash, prk, // a pseudorandom key of at least HashLen octets (usually, the output from the extract step) | ||
| info, // optional context and application specific information (can be a zero-length string) | ||
| length = 32 // length of output keying material in octets | ||
| ) { | ||
| /** | ||
| * HKDF-expand from the spec. | ||
| * @param prk - a pseudorandom key of at least HashLen octets (usually, the output from the extract step) | ||
| * @param info - optional context and application specific information (can be a zero-length string) | ||
| * @param length - length of output keying material in octets | ||
| */ | ||
| export function expand(hash, prk, info, length = 32) { | ||
| assertHash(hash); | ||
@@ -32,3 +43,3 @@ assertNumber(length); | ||
| // Re-use HMAC instance between blocks | ||
| const HMAC = hmac.init(hash, prk); | ||
| const HMAC = hmac.create(hash, prk); | ||
| const HMACTmp = HMAC._cloneInto(); | ||
@@ -53,3 +64,10 @@ const T = new Uint8Array(HMAC.outputLen); | ||
| } | ||
| // Extract+Expand | ||
| export const hkdf = (hash, ikm, salt, info, length) => hkdf_expand(hash, hkdf_extract(hash, ikm, salt), info, length); | ||
| /** | ||
| * HKDF (RFC 5869): extract + expand in one step. | ||
| * @param hash - hash function that would be used (e.g. sha256) | ||
| * @param ikm - input keying material, the initial key | ||
| * @param salt - optional salt value (a non-secret random value) | ||
| * @param info - optional context and application specific information | ||
| * @param length - length of output keying material in octets | ||
| */ | ||
| export const hkdf = (hash, ikm, salt, info, length) => expand(hash, extract(hash, ikm, salt), info, length); |
@@ -72,4 +72,9 @@ import { assertHash, Hash, toBytes } from './utils.js'; | ||
| } | ||
| /** | ||
| * HMAC: RFC2104 message authentication code. | ||
| * @param hash - function that would be used e.g. sha256 | ||
| * @param key - message key | ||
| * @param message - message data | ||
| */ | ||
| export const hmac = (hash, key, message) => new HMAC(hash, key).update(message).digest(); | ||
| hmac.create = (hash, key) => new HMAC(hash, key); | ||
| hmac.init = hmac.create; |
| "use strict"; | ||
| throw new Error('noble-hashes have no entry-point. Please consult the README.md to learn how to use them'); | ||
| throw new Error('noble-hashes have no entry-point: consult README for usage'); |
@@ -19,3 +19,3 @@ import { hmac } from './hmac.js'; | ||
| // U1 = PRF(Password, Salt + INT_32_BE(i)) | ||
| const PRF = hmac.init(hash, password); | ||
| const PRF = hmac.create(hash, password); | ||
| const PRFSalt = PRF._cloneInto().update(salt); | ||
@@ -32,4 +32,11 @@ return { c, dkLen, asyncTick, DK, PRF, PRFSalt }; | ||
| } | ||
| export function pbkdf2(hash, password, salt, _opts) { | ||
| const { c, dkLen, DK, PRF, PRFSalt } = pbkdf2Init(hash, password, salt, _opts); | ||
| /** | ||
| * PBKDF2-HMAC: RFC 2898 key derivation function | ||
| * @param hash - hash function that would be used e.g. sha256 | ||
| * @param password - password from which a derived key is generated | ||
| * @param salt - cryptographic salt | ||
| * @param opts - {c, dkLen} where c is work factor and dkLen is output message size | ||
| */ | ||
| export function pbkdf2(hash, password, salt, opts) { | ||
| const { c, dkLen, DK, PRF, PRFSalt } = pbkdf2Init(hash, password, salt, opts); | ||
| let prfW; // Working copy | ||
@@ -57,4 +64,4 @@ const arr = new Uint8Array(4); | ||
| } | ||
| export async function pbkdf2Async(hash, password, salt, _opts) { | ||
| const { c, dkLen, asyncTick, DK, PRF, PRFSalt } = pbkdf2Init(hash, password, salt, _opts); | ||
| export async function pbkdf2Async(hash, password, salt, opts) { | ||
| const { c, dkLen, asyncTick, DK, PRF, PRFSalt } = pbkdf2Init(hash, password, salt, opts); | ||
| let prfW; // Working copy | ||
@@ -61,0 +68,0 @@ const arr = new Uint8Array(4); |
@@ -95,2 +95,6 @@ import { SHA2 } from './_sha2.js'; | ||
| } | ||
| /** | ||
| * RIPEMD-160 - a hash function from 1990s. | ||
| * @param message - msg that would be hashed | ||
| */ | ||
| export const ripemd160 = wrapConstructor(() => new RIPEMD160()); |
| import { sha256 } from './sha256.js'; | ||
| import { pbkdf2 } from './pbkdf2.js'; | ||
| import { assertNumber, asyncLoop, checkOpts, u32 } from './utils.js'; | ||
| // RFC 7914 Scrypt KDF | ||
| // Left rotate for uint32 | ||
| const rotl = (a, b) => (a << b) | (a >>> (32 - b)); | ||
| // The main Scrypt loop: uses Salsa extensively. | ||
| // Six versions of the function were tried, this is the fastest one. | ||
| // prettier-ignore | ||
@@ -150,4 +153,18 @@ function XorAndSalsa(prev, pi, input, ii, out, oi) { | ||
| } | ||
| export function scrypt(password, salt, _opts) { | ||
| const { N, r, p, dkLen, blockSize32, V, B32, B, tmp, blockMixCb } = scryptInit(password, salt, _opts); | ||
| /** | ||
| * Scrypt KDF from RFC 7914. | ||
| * @param password - pass | ||
| * @param salt - salt | ||
| * @param opts - parameters | ||
| * - `N` is cpu/mem work factor (power of 2 e.g. 2**18) | ||
| * - `r` is block size (8 is common), fine-tunes sequential memory read size and performance | ||
| * - `p` is parallelization factor (1 is common) | ||
| * - `dkLen` is output key length in bytes e.g. 32. | ||
| * - `asyncTick` - (default: 10) max time in ms for which async function can block execution | ||
| * - `maxmem` - (default: `1024 ** 3 + 1024` aka 1GB+1KB). A limit that the app could use for scrypt | ||
| * - `onProgress` - callback function that would be executed for progress report | ||
| * @returns Derived key | ||
| */ | ||
| export function scrypt(password, salt, opts) { | ||
| const { N, r, p, dkLen, blockSize32, V, B32, B, tmp, blockMixCb } = scryptInit(password, salt, opts); | ||
| for (let pi = 0; pi < p; pi++) { | ||
@@ -174,4 +191,7 @@ const Pi = blockSize32 * pi; | ||
| } | ||
| export async function scryptAsync(password, salt, _opts) { | ||
| const { N, r, p, dkLen, blockSize32, V, B32, B, tmp, blockMixCb, asyncTick } = scryptInit(password, salt, _opts); | ||
| /** | ||
| * Scrypt KDF from RFC 7914. | ||
| */ | ||
| export async function scryptAsync(password, salt, opts) { | ||
| const { N, r, p, dkLen, blockSize32, V, B32, B, tmp, blockMixCb, asyncTick } = scryptInit(password, salt, opts); | ||
| for (let pi = 0; pi < p; pi++) { | ||
@@ -178,0 +198,0 @@ const Pi = blockSize32 * pi; |
@@ -103,2 +103,6 @@ import { SHA2 } from './_sha2.js'; | ||
| } | ||
| /** | ||
| * SHA2-256 hash function | ||
| * @param message - data that would be hashed | ||
| */ | ||
| export const sha256 = wrapConstructor(() => new SHA256()); |
@@ -80,3 +80,2 @@ import { toBytes, wrapConstructorWithOpts, assertNumber, u32, } from './utils.js'; | ||
| kmac.create = (key, opts = {}) => new KMAC(blockLen, opts.dkLen !== undefined ? opts.dkLen : outputLen, xof, key, opts); | ||
| kmac.init = kmac.create; | ||
| return kmac; | ||
@@ -123,3 +122,2 @@ } | ||
| tuple.create = (opts = {}) => new TupleHash(blockLen, opts.dkLen !== undefined ? opts.dkLen : outputLen, xof, opts); | ||
| tuple.init = tuple.create; | ||
| return tuple; | ||
@@ -195,4 +193,3 @@ } | ||
| const parallel = (message, opts) => parallel.create(opts).update(message).digest(); | ||
| parallel.create = (opts = {}) => new ParallelHash(blockLen, opts.dkLen !== undefined ? opts.dkLen : outputLen, () => leaf.init({ dkLen: 2 * outputLen }), xof, opts); | ||
| parallel.init = parallel.create; | ||
| parallel.create = (opts = {}) => new ParallelHash(blockLen, opts.dkLen !== undefined ? opts.dkLen : outputLen, () => leaf.create({ dkLen: 2 * outputLen }), xof, opts); | ||
| return parallel; | ||
@@ -199,0 +196,0 @@ } |
@@ -192,2 +192,6 @@ import * as u64 from './_u64.js'; | ||
| export const sha3_224 = gen(0x06, 144, 224 / 8); | ||
| /** | ||
| * SHA3-256 hash function | ||
| * @param message - that would be hashed | ||
| */ | ||
| export const sha3_256 = gen(0x06, 136, 256 / 8); | ||
@@ -197,2 +201,6 @@ export const sha3_384 = gen(0x06, 104, 384 / 8); | ||
| export const keccak_224 = gen(0x01, 144, 224 / 8); | ||
| /** | ||
| * keccak-256 hash function. Different from SHA3-256. | ||
| * @param message - that would be hashed | ||
| */ | ||
| export const keccak_256 = gen(0x01, 136, 256 / 8); | ||
@@ -199,0 +207,0 @@ export const keccak_384 = gen(0x01, 104, 384 / 8); |
@@ -1,2 +0,2 @@ | ||
| /*! noble-hashes - MIT License (c) 2021 Paul Miller (paulmillr.com) */ | ||
| /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
| // The import here is via the package name. This is to ensure | ||
@@ -18,4 +18,7 @@ // that exports mapping/resolution does fall into place. | ||
| const hexes = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, '0')); | ||
| /** | ||
| * @example bytesToHex(Uint8Array.from([0xde, 0xad, 0xbe, 0xef])) | ||
| */ | ||
| export function bytesToHex(uint8a) { | ||
| // pre-caching chars could speed this up 6x. | ||
| // pre-caching improves the speed 6x | ||
| let hex = ''; | ||
@@ -27,11 +30,5 @@ for (let i = 0; i < uint8a.length; i++) { | ||
| } | ||
| function parseHexByte(hexByte) { | ||
| if (hexByte.length !== 2) | ||
| throw new Error('Invalid byte sequence'); | ||
| const byte = Number.parseInt(hexByte, 16); | ||
| if (Number.isNaN(byte)) | ||
| throw new Error('Invalid byte sequence'); | ||
| return byte; | ||
| } | ||
| // Buffer.from(hex, 'hex') -> hexToBytes(hex) | ||
| /** | ||
| * @example hexToBytes('deadbeef') | ||
| */ | ||
| export function hexToBytes(hex) { | ||
@@ -46,3 +43,7 @@ if (typeof hex !== 'string') { | ||
| const j = i * 2; | ||
| array[i] = parseHexByte(hex.slice(j, j + 2)); | ||
| const hexByte = hex.slice(j, j + 2); | ||
| const byte = Number.parseInt(hexByte, 16); | ||
| if (Number.isNaN(byte)) | ||
| throw new Error('Invalid byte sequence'); | ||
| array[i] = byte; | ||
| } | ||
@@ -92,7 +93,11 @@ return array; | ||
| } | ||
| // Buffer.concat([buf1, buf2]) -> concatBytes(buf1, buf2) | ||
| /** | ||
| * Concats Uint8Array-s into one; like `Buffer.concat([buf1, buf2])` | ||
| * @example concatBytes(buf1, buf2) | ||
| */ | ||
| export function concatBytes(...arrays) { | ||
| if (arrays.length === 1) { | ||
| if (!arrays.every((a) => a instanceof Uint8Array)) | ||
| throw new Error('Uint8Array list expected'); | ||
| if (arrays.length === 1) | ||
| return arrays[0]; | ||
| } | ||
| const length = arrays.reduce((a, arr) => a + arr.length, 0); | ||
@@ -123,3 +128,3 @@ const result = new Uint8Array(length); | ||
| export function assertHash(hash) { | ||
| if (typeof hash !== 'function' || typeof hash.init !== 'function') | ||
| if (typeof hash !== 'function' || typeof hash.create !== 'function') | ||
| throw new Error('Hash should be wrapped by utils.wrapConstructor'); | ||
@@ -150,3 +155,2 @@ assertNumber(hash.outputLen); | ||
| hashC.create = () => hashConstructor(); | ||
| hashC.init = hashC.create; | ||
| return hashC; | ||
@@ -160,5 +164,7 @@ } | ||
| hashC.create = (opts) => hashCons(opts); | ||
| hashC.init = hashC.create; | ||
| return hashC; | ||
| } | ||
| /** | ||
| * Secure PRNG | ||
| */ | ||
| export function randomBytes(bytesLength = 32) { | ||
@@ -165,0 +171,0 @@ if (crypto.web) { |
| import { CHash, Input } from './utils.js'; | ||
| export declare function hkdf_extract(hash: CHash, ikm: Input, salt?: Input): Uint8Array; | ||
| export declare function hkdf_expand(hash: CHash, prk: Input, // a pseudorandom key of at least HashLen octets (usually, the output from the extract step) | ||
| info?: Input, // optional context and application specific information (can be a zero-length string) | ||
| length?: number): Uint8Array; | ||
| /** | ||
| * HKDF-Extract(IKM, salt) -> PRK | ||
| * Arguments position differs from spec (IKM is first one, since it is not optional) | ||
| * @param hash | ||
| * @param ikm | ||
| * @param salt | ||
| * @returns | ||
| */ | ||
| export declare function extract(hash: CHash, ikm: Input, salt?: Input): Uint8Array; | ||
| /** | ||
| * HKDF-expand from the spec. | ||
| * @param prk - a pseudorandom key of at least HashLen octets (usually, the output from the extract step) | ||
| * @param info - optional context and application specific information (can be a zero-length string) | ||
| * @param length - length of output keying material in octets | ||
| */ | ||
| export declare function expand(hash: CHash, prk: Input, info?: Input, length?: number): Uint8Array; | ||
| /** | ||
| * HKDF (RFC 5869): extract + expand in one step. | ||
| * @param hash - hash function that would be used (e.g. sha256) | ||
| * @param ikm - input keying material, the initial key | ||
| * @param salt - optional salt value (a non-secret random value) | ||
| * @param info - optional context and application specific information | ||
| * @param length - length of output keying material in octets | ||
| */ | ||
| export declare const hkdf: (hash: CHash, ikm: Input, salt: Input | undefined, info: Input | undefined, length: number) => Uint8Array; |
48
hkdf.js
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.hkdf = exports.hkdf_expand = exports.hkdf_extract = void 0; | ||
| // prettier-ignore | ||
| exports.hkdf = exports.expand = exports.extract = void 0; | ||
| const utils_js_1 = require("./utils.js"); | ||
| const hmac_js_1 = require("./hmac.js"); | ||
| // HKDF (RFC 5869) | ||
| // HKDF-Extract(IKM, salt) -> PRK NOTE: arguments position differs from spec (IKM is first one, since it is not optional) | ||
| function hkdf_extract(hash, ikm, salt) { | ||
| // https://soatok.blog/2021/11/17/understanding-hkdf/ | ||
| /** | ||
| * HKDF-Extract(IKM, salt) -> PRK | ||
| * Arguments position differs from spec (IKM is first one, since it is not optional) | ||
| * @param hash | ||
| * @param ikm | ||
| * @param salt | ||
| * @returns | ||
| */ | ||
| function extract(hash, ikm, salt) { | ||
| (0, utils_js_1.assertHash)(hash); | ||
| // NOTE: some libraries treats zero-length array as 'not provided', we don't, since we have undefined as 'not provided' | ||
| // More info: https://github.com/RustCrypto/KDFs/issues/15 | ||
| // NOTE: some libraries treat zero-length array as 'not provided'; | ||
| // we don't, since we have undefined as 'not provided' | ||
| // https://github.com/RustCrypto/KDFs/issues/15 | ||
| if (salt === undefined) | ||
@@ -17,10 +25,13 @@ salt = new Uint8Array(hash.outputLen); // if not provided, it is set to a string of HashLen zeros | ||
| } | ||
| exports.hkdf_extract = hkdf_extract; | ||
| exports.extract = extract; | ||
| // HKDF-Expand(PRK, info, L) -> OKM | ||
| const HKDF_COUNTER = new Uint8Array([0]); | ||
| const EMPTY_BUFFER = new Uint8Array(); | ||
| function hkdf_expand(hash, prk, // a pseudorandom key of at least HashLen octets (usually, the output from the extract step) | ||
| info, // optional context and application specific information (can be a zero-length string) | ||
| length = 32 // length of output keying material in octets | ||
| ) { | ||
| /** | ||
| * HKDF-expand from the spec. | ||
| * @param prk - a pseudorandom key of at least HashLen octets (usually, the output from the extract step) | ||
| * @param info - optional context and application specific information (can be a zero-length string) | ||
| * @param length - length of output keying material in octets | ||
| */ | ||
| function expand(hash, prk, info, length = 32) { | ||
| (0, utils_js_1.assertHash)(hash); | ||
@@ -36,3 +47,3 @@ (0, utils_js_1.assertNumber)(length); | ||
| // Re-use HMAC instance between blocks | ||
| const HMAC = hmac_js_1.hmac.init(hash, prk); | ||
| const HMAC = hmac_js_1.hmac.create(hash, prk); | ||
| const HMACTmp = HMAC._cloneInto(); | ||
@@ -57,5 +68,12 @@ const T = new Uint8Array(HMAC.outputLen); | ||
| } | ||
| exports.hkdf_expand = hkdf_expand; | ||
| // Extract+Expand | ||
| const hkdf = (hash, ikm, salt, info, length) => hkdf_expand(hash, hkdf_extract(hash, ikm, salt), info, length); | ||
| exports.expand = expand; | ||
| /** | ||
| * HKDF (RFC 5869): extract + expand in one step. | ||
| * @param hash - hash function that would be used (e.g. sha256) | ||
| * @param ikm - input keying material, the initial key | ||
| * @param salt - optional salt value (a non-secret random value) | ||
| * @param info - optional context and application specific information | ||
| * @param length - length of output keying material in octets | ||
| */ | ||
| const hkdf = (hash, ikm, salt, info, length) => expand(hash, extract(hash, ikm, salt), info, length); | ||
| exports.hkdf = hkdf; |
@@ -16,7 +16,12 @@ import { Hash, CHash, Input } from './utils.js'; | ||
| } | ||
| /** | ||
| * HMAC: RFC2104 message authentication code. | ||
| * @param hash - function that would be used e.g. sha256 | ||
| * @param key - message key | ||
| * @param message - message data | ||
| */ | ||
| export declare const hmac: { | ||
| (hash: CHash, key: Input, message: Input): Uint8Array; | ||
| create(hash: CHash, key: Input): HMAC<any>; | ||
| init: (hash: CHash, key: Input) => HMAC<any>; | ||
| }; | ||
| export {}; |
@@ -75,5 +75,10 @@ "use strict"; | ||
| } | ||
| /** | ||
| * HMAC: RFC2104 message authentication code. | ||
| * @param hash - function that would be used e.g. sha256 | ||
| * @param key - message key | ||
| * @param message - message data | ||
| */ | ||
| const hmac = (hash, key, message) => new HMAC(hash, key).update(message).digest(); | ||
| exports.hmac = hmac; | ||
| exports.hmac.create = (hash, key) => new HMAC(hash, key); | ||
| exports.hmac.init = exports.hmac.create; |
| "use strict"; | ||
| throw new Error('noble-hashes have no entry-point. Please consult the README.md to learn how to use them'); | ||
| throw new Error('noble-hashes have no entry-point: consult README for usage'); |
| { | ||
| "name": "@noble/hashes", | ||
| "version": "0.5.9", | ||
| "description": "Fast 0-dependency JS implementation of SHA2, SHA3, RIPEMD, BLAKE2/3, HMAC, HKDF, PBKDF2, Scrypt", | ||
| "directories": { | ||
| "lib": "lib", | ||
| "test": "test" | ||
| }, | ||
| "version": "1.0.0", | ||
| "description": "Audited & minimal 0-dependency JS implementation of SHA2, SHA3, RIPEMD, BLAKE2/3, HMAC, HKDF, PBKDF2, Scrypt", | ||
| "files": [ | ||
@@ -18,10 +14,10 @@ "/*.js", | ||
| "bench": "node test/benchmark/index.js", | ||
| "bench-install": "cd test/benchmark && npm install && cd ../../", | ||
| "bench:install": "cd test/benchmark && npm install && cd ../../", | ||
| "build": "tsc -d && tsc -p tsconfig.esm.json", | ||
| "build-release": "rollup -c rollup.config.js", | ||
| "build:release": "rollup -c rollup.config.js", | ||
| "lint": "prettier --check 'src/**/*.{js,ts}' 'test/**/*.{js,ts}'", | ||
| "format": "prettier --write 'src/**/*.{js,ts}' 'test/**/*.{js,ts}'", | ||
| "test": "node test/index.js", | ||
| "test-dos": "node test/slow-dos.test.js", | ||
| "test-big": "node test/slow-big.test.js" | ||
| "test:dos": "node test/slow-dos.test.js", | ||
| "test:big": "node test/slow-big.test.js" | ||
| }, | ||
@@ -47,23 +43,2 @@ "author": "Paul Miller (https://paulmillr.com)", | ||
| }, | ||
| "keywords": [ | ||
| "sha", | ||
| "sha2", | ||
| "sha3", | ||
| "sha256", | ||
| "sha512", | ||
| "keccak", | ||
| "kangarootwelve", | ||
| "ripemd160", | ||
| "blake2", | ||
| "blake3", | ||
| "hmac", | ||
| "hkdf", | ||
| "pbkdf2", | ||
| "scrypt", | ||
| "kdf", | ||
| "hash", | ||
| "cryptography", | ||
| "security", | ||
| "noble" | ||
| ], | ||
| "exports": { | ||
@@ -156,3 +131,24 @@ "./index": { | ||
| "./utils.d.ts": "utils.d.ts" | ||
| } | ||
| }, | ||
| "keywords": [ | ||
| "sha", | ||
| "sha2", | ||
| "sha3", | ||
| "sha256", | ||
| "sha512", | ||
| "keccak", | ||
| "kangarootwelve", | ||
| "ripemd160", | ||
| "blake2", | ||
| "blake3", | ||
| "hmac", | ||
| "hkdf", | ||
| "pbkdf2", | ||
| "scrypt", | ||
| "kdf", | ||
| "hash", | ||
| "cryptography", | ||
| "security", | ||
| "noble" | ||
| ] | ||
| } |
@@ -7,3 +7,10 @@ import { CHash, Input } from './utils.js'; | ||
| }; | ||
| export declare function pbkdf2(hash: CHash, password: Input, salt: Input, _opts: Pbkdf2Opt): Uint8Array; | ||
| export declare function pbkdf2Async(hash: CHash, password: Input, salt: Input, _opts: Pbkdf2Opt): Promise<Uint8Array>; | ||
| /** | ||
| * PBKDF2-HMAC: RFC 2898 key derivation function | ||
| * @param hash - hash function that would be used e.g. sha256 | ||
| * @param password - password from which a derived key is generated | ||
| * @param salt - cryptographic salt | ||
| * @param opts - {c, dkLen} where c is work factor and dkLen is output message size | ||
| */ | ||
| export declare function pbkdf2(hash: CHash, password: Input, salt: Input, opts: Pbkdf2Opt): Uint8Array; | ||
| export declare function pbkdf2Async(hash: CHash, password: Input, salt: Input, opts: Pbkdf2Opt): Promise<Uint8Array>; |
@@ -22,3 +22,3 @@ "use strict"; | ||
| // U1 = PRF(Password, Salt + INT_32_BE(i)) | ||
| const PRF = hmac_js_1.hmac.init(hash, password); | ||
| const PRF = hmac_js_1.hmac.create(hash, password); | ||
| const PRFSalt = PRF._cloneInto().update(salt); | ||
@@ -35,4 +35,11 @@ return { c, dkLen, asyncTick, DK, PRF, PRFSalt }; | ||
| } | ||
| function pbkdf2(hash, password, salt, _opts) { | ||
| const { c, dkLen, DK, PRF, PRFSalt } = pbkdf2Init(hash, password, salt, _opts); | ||
| /** | ||
| * PBKDF2-HMAC: RFC 2898 key derivation function | ||
| * @param hash - hash function that would be used e.g. sha256 | ||
| * @param password - password from which a derived key is generated | ||
| * @param salt - cryptographic salt | ||
| * @param opts - {c, dkLen} where c is work factor and dkLen is output message size | ||
| */ | ||
| function pbkdf2(hash, password, salt, opts) { | ||
| const { c, dkLen, DK, PRF, PRFSalt } = pbkdf2Init(hash, password, salt, opts); | ||
| let prfW; // Working copy | ||
@@ -61,4 +68,4 @@ const arr = new Uint8Array(4); | ||
| exports.pbkdf2 = pbkdf2; | ||
| async function pbkdf2Async(hash, password, salt, _opts) { | ||
| const { c, dkLen, asyncTick, DK, PRF, PRFSalt } = pbkdf2Init(hash, password, salt, _opts); | ||
| async function pbkdf2Async(hash, password, salt, opts) { | ||
| const { c, dkLen, asyncTick, DK, PRF, PRFSalt } = pbkdf2Init(hash, password, salt, opts); | ||
| let prfW; // Working copy | ||
@@ -65,0 +72,0 @@ const arr = new Uint8Array(4); |
| # noble-hashes  [](https://github.com/prettier/prettier) | ||
| Fast, secure & minimal JS implementation of SHA2, SHA3, RIPEMD, BLAKE2/3, HMAC, HKDF, PBKDF2 & Scrypt. | ||
| Audited & minimal JS implementation of SHA2, SHA3, RIPEMD, BLAKE2/3, HMAC, HKDF, PBKDF2 & Scrypt. | ||
| - **noble** family, zero dependencies | ||
| - 🔻 Helps JS bundlers with lack of entry point; ensures small size of your app | ||
| - 🔁 No unrolled loops: makes it much easier to verify and reduces source code size 2-5x | ||
| - 🔒 [**Audited**](#security) by an independent security firm: no vulnerabilities have been found | ||
| - 🔻 Helps JS bundlers with lack of entry point, ensures small size of your app | ||
| - 🔁 No unrolled loops: makes it easier to verify and reduces source code size up to 5x | ||
| - 🏎 Ultra-fast, hand-optimized for caveats of JS engines | ||
| - 🔍 Unique tests ensure correctness: chained tests, sliding window tests, DoS tests | ||
| - 🧪 Differential fuzzing ensures even more correctness with [cryptofuzz](https://github.com/guidovranken/cryptofuzz) | ||
| - 🔑 Scrypt supports `n: 2**22` with 4GB arrays while other implementations crash on `2**21` or even `2**20`, `maxmem` security param, `onProgress` callback | ||
| - 🐢 Scrypt supports `N: 2**22` with 4GB arrays, while other implementations crash on `2**21` | ||
| - 🦘 SHA3 supports Keccak, TupleHash, KangarooTwelve and MarsupilamiFourteen | ||
| - All primitives are just ~2KLOC / 41KB minified / 14KB gzipped. SHA256-only is 240LOC / 7KB minified / 3KB gzipped | ||
| - 🪶 Just 2.8k lines / 14KB gzipped. SHA256-only is 240 lines / 3KB gzipped | ||
@@ -284,3 +285,3 @@ The library's initial development was funded by [Ethereum Foundation](https://ethereum.org/). | ||
| ```typescript | ||
| import { hkdf } from '@noble/hashes/kdf'; | ||
| import { hkdf } from '@noble/hashes/hkdf'; | ||
| import { sha256 } from '@noble/hashes/sha256'; | ||
@@ -295,6 +296,6 @@ import { randomBytes } from '@noble/hashes/utils'; | ||
| // == same as | ||
| import { hkdf_extract, hkdf_expand } from '@noble/hashes/kdf'; | ||
| import * as hkdf from '@noble/hashes/hkdf'; | ||
| import { sha256 } from '@noble/hashes/sha256'; | ||
| const prk = hkdf_extract(sha256, inputKey, salt); | ||
| const hk2 = hkdf_expand(sha256, prk, info, dkLen); | ||
| const prk = hkdf.extract(sha256, inputKey, salt); | ||
| const hk2 = hkdf.expand(sha256, prk, info, dkLen); | ||
| ``` | ||
@@ -356,2 +357,13 @@ | ||
| Takes following params: | ||
| - `username` - username, email, or identifier, min: 8 characters, should have enough entropy | ||
| - `password` - min: 8 characters, should have enough entropy | ||
| Produces ESKDF instance that has `deriveChildKey(protocol, accountId, keyLength)` function. | ||
| - `protocol` - 3-15 character protocol name | ||
| - `accountId` - numeric identifier of account | ||
| - `keyLength` - (default: 32) key length | ||
| Takes username and password, then takes protocol name and account id. | ||
@@ -381,10 +393,14 @@ | ||
| The library will be audited by an independent security firm in the next few months. | ||
| 1. The library has been audited on Jan 5, 2022 by an independent security firm cure53: [PDF](https://cure53.de/pentest-report_hashing-libs.pdf). No vulnerabilities have been found. The audit has been funded by Ethereum Foundation with help of [Nomic Labs](https://nomiclabs.io). Modules `blake3` and `sha3-addons` have not been audited. | ||
| 2. The library has been fuzzed by [Guido Vranken's cryptofuzz](https://github.com/guidovranken/cryptofuzz). You can run the fuzzer by yourself to check it. | ||
| 3. [Timing attack](https://en.wikipedia.org/wiki/Timing_attack) considerations: _JIT-compiler_ and _Garbage Collector_ make "constant time" extremely hard to achieve in a scripting language. Which means _any other JS library can't have constant-timeness_. Even statically typed Rust, a language without GC, [makes it harder to achieve constant-time](https://www.chosenplaintext.ca/open-source/rust-timing-shield/security) for some cases. If your goal is absolute security, don't use any JS lib — including bindings to native ones. Use low-level libraries & languages. Nonetheless we're targetting algorithmic constant time. | ||
| 4. Memory dump considerations: the library shares state buffers between hash function calls. The buffers are zeroed-out after each call. However, if an attacker can read application memory, you are doomed in any case: | ||
| - At some point, input will be a string and strings are immutable in JS: there is no way to overwrite them with zeros. For example: deriving key from `scrypt(password, salt)` where password and salt are strings | ||
| - Input from a file will stay in file buffers | ||
| - Input / output will be re-used multiple times in application which means it could stay in memory | ||
| - `await anything()` will always write all internal variables (including numbers) to memory. With async functions / Promises there are no guarantees when the code chunk would be executed. Which means attacker can have plenty of time to read data from memory | ||
| - There is no way to guarantee anything about zeroing sensitive data without complex tests-suite which will dump process memory and verify that there is no sensitive data left. For JS it means testing all browsers (incl. mobile), which is complex. And of course it will be useless without using the same test-suite in the actual application that consumes the library | ||
| The library has been fuzzed by [Guido Vranken's cryptofuzz](https://github.com/guidovranken/cryptofuzz). You can run the fuzzer by yourself to check it. | ||
| We consider infrastructure attacks like rogue NPM modules very important; that's why it's crucial to minimize the amount of 3rd-party dependencies & native bindings. If your app uses 500 dependencies, any dep could get hacked and you'll be downloading malware with every `npm install`. Our goal is to minimize this attack vector. | ||
| A note on [timing attacks](https://en.wikipedia.org/wiki/Timing_attack): _JIT-compiler_ and _Garbage Collector_ make "constant time" extremely hard to achieve in a scripting language. Which means _any other JS library can't have constant-timeness_. Even statically typed Rust, a language without GC, [makes it harder to achieve constant-time](https://www.chosenplaintext.ca/open-source/rust-timing-shield/security) for some cases. If your goal is absolute security, don't use any JS lib — including bindings to native ones. Use low-level libraries & languages. Nonetheless we're targetting algorithmic constant time. | ||
| We consider infrastructure attacks like rogue NPM modules very important; that's why it's crucial to minimize the amount of 3rd-party dependencies & native bindings. If your app uses 500 dependencies, any dep could get hacked and you'll be downloading rootkits with every `npm install`. Our goal is to minimize this attack vector. | ||
| ## Speed | ||
@@ -394,20 +410,20 @@ | ||
| Note that PBKDF2 and Scrypt are tested with extremely high work factor. | ||
| To run benchmarks, execute `npm run bench-install` and then `npm run bench` | ||
| To run benchmarks, execute `npm run bench:install` and then `npm run bench` | ||
| ``` | ||
| SHA256 32B x 1,126,126 ops/sec @ 888ns/op | ||
| SHA384 32B x 443,458 ops/sec @ 2μs/op | ||
| SHA512 32B x 448,631 ops/sec @ 2μs/op | ||
| SHA3-256, keccak256, shake256 32B x 183,621 ops/sec @ 5μs/op | ||
| Kangaroo12 32B x 310,077 ops/sec @ 3μs/op | ||
| SHA384 32B x 463,606 ops/sec @ 2μs/op | ||
| SHA512 32B x 467,945 ops/sec @ 2μs/op | ||
| SHA3-256, keccak256, shake256 32B x 184,026 ops/sec @ 5μs/op | ||
| Kangaroo12 32B x 312,891 ops/sec @ 3μs/op | ||
| Marsupilami14 32B x 278,164 ops/sec @ 3μs/op | ||
| BLAKE2b 32B x 297,353 ops/sec @ 3μs/op | ||
| BLAKE2s 32B x 507,614 ops/sec @ 1μs/op | ||
| BLAKE3 32B x 584,795 ops/sec @ 1μs/op | ||
| RIPEMD160 32B x 1,186,239 ops/sec @ 843ns/op | ||
| BLAKE3 32B x 591,016 ops/sec @ 1μs/op | ||
| RIPEMD160 32B x 1,230,012 ops/sec @ 813ns/op | ||
| HMAC-SHA256 32B x 346,860 ops/sec @ 2μs/op | ||
| HKDF-SHA256 32B x 153,045 ops/sec @ 6μs/op | ||
| PBKDF2-HMAC-SHA256 262144 x 2 ops/sec @ 338ms/op | ||
| PBKDF2-HMAC-SHA512 262144 x 0 ops/sec @ 1024ms/op | ||
| Scrypt r: 8, p: 1, n: 262144 x 1 ops/sec @ 637ms/op | ||
| HKDF-SHA256 32B x 153,397 ops/sec @ 6μs/op | ||
| PBKDF2-HMAC-SHA256 262144 x 3 ops/sec @ 326ms/op | ||
| PBKDF2-HMAC-SHA512 262144 x 1 ops/sec @ 970ms/op | ||
| Scrypt r: 8, p: 1, n: 262144 x 1 ops/sec @ 636ms/op | ||
| ``` | ||
@@ -449,4 +465,4 @@ | ||
| 4. `npm run test` will execute all main tests. See [our approach to testing](./test/README.md) | ||
| 5. `npm run test-dos` will test against DoS; by measuring function complexity. **Takes ~20 minutes** | ||
| 6. `npm run test-big` will execute hashing on 4GB inputs, | ||
| 5. `npm run test:dos` will test against DoS; by measuring function complexity. **Takes ~20 minutes** | ||
| 6. `npm run test:big` will execute hashing on 4GB inputs, | ||
| scrypt with 1024 different `N, r, p` combinations, etc. **Takes several hours**. Using 8-32+ core CPU helps. | ||
@@ -458,4 +474,4 @@ | ||
| Copyright (c) 2021 Paul Miller [(https://paulmillr.com)](https://paulmillr.com) | ||
| Copyright (c) 2022 Paul Miller [(https://paulmillr.com)](https://paulmillr.com) | ||
| See LICENSE file. |
@@ -15,2 +15,6 @@ import { SHA2 } from './_sha2.js'; | ||
| } | ||
| /** | ||
| * RIPEMD-160 - a hash function from 1990s. | ||
| * @param message - msg that would be hashed | ||
| */ | ||
| export declare const ripemd160: { | ||
@@ -21,3 +25,2 @@ (message: import("./utils.js").Input): Uint8Array; | ||
| create(): import("./utils.js").Hash<RIPEMD160>; | ||
| init: () => import("./utils.js").Hash<RIPEMD160>; | ||
| }; |
@@ -99,2 +99,6 @@ "use strict"; | ||
| exports.RIPEMD160 = RIPEMD160; | ||
| /** | ||
| * RIPEMD-160 - a hash function from 1990s. | ||
| * @param message - msg that would be hashed | ||
| */ | ||
| exports.ripemd160 = (0, utils_js_1.wrapConstructor)(() => new RIPEMD160()); |
@@ -11,3 +11,20 @@ import { Input } from './utils.js'; | ||
| }; | ||
| export declare function scrypt(password: Input, salt: Input, _opts: ScryptOpts): Uint8Array; | ||
| export declare function scryptAsync(password: Input, salt: Input, _opts: ScryptOpts): Promise<Uint8Array>; | ||
| /** | ||
| * Scrypt KDF from RFC 7914. | ||
| * @param password - pass | ||
| * @param salt - salt | ||
| * @param opts - parameters | ||
| * - `N` is cpu/mem work factor (power of 2 e.g. 2**18) | ||
| * - `r` is block size (8 is common), fine-tunes sequential memory read size and performance | ||
| * - `p` is parallelization factor (1 is common) | ||
| * - `dkLen` is output key length in bytes e.g. 32. | ||
| * - `asyncTick` - (default: 10) max time in ms for which async function can block execution | ||
| * - `maxmem` - (default: `1024 ** 3 + 1024` aka 1GB+1KB). A limit that the app could use for scrypt | ||
| * - `onProgress` - callback function that would be executed for progress report | ||
| * @returns Derived key | ||
| */ | ||
| export declare function scrypt(password: Input, salt: Input, opts: ScryptOpts): Uint8Array; | ||
| /** | ||
| * Scrypt KDF from RFC 7914. | ||
| */ | ||
| export declare function scryptAsync(password: Input, salt: Input, opts: ScryptOpts): Promise<Uint8Array>; |
@@ -7,4 +7,7 @@ "use strict"; | ||
| const utils_js_1 = require("./utils.js"); | ||
| // RFC 7914 Scrypt KDF | ||
| // Left rotate for uint32 | ||
| const rotl = (a, b) => (a << b) | (a >>> (32 - b)); | ||
| // The main Scrypt loop: uses Salsa extensively. | ||
| // Six versions of the function were tried, this is the fastest one. | ||
| // prettier-ignore | ||
@@ -154,4 +157,18 @@ function XorAndSalsa(prev, pi, input, ii, out, oi) { | ||
| } | ||
| function scrypt(password, salt, _opts) { | ||
| const { N, r, p, dkLen, blockSize32, V, B32, B, tmp, blockMixCb } = scryptInit(password, salt, _opts); | ||
| /** | ||
| * Scrypt KDF from RFC 7914. | ||
| * @param password - pass | ||
| * @param salt - salt | ||
| * @param opts - parameters | ||
| * - `N` is cpu/mem work factor (power of 2 e.g. 2**18) | ||
| * - `r` is block size (8 is common), fine-tunes sequential memory read size and performance | ||
| * - `p` is parallelization factor (1 is common) | ||
| * - `dkLen` is output key length in bytes e.g. 32. | ||
| * - `asyncTick` - (default: 10) max time in ms for which async function can block execution | ||
| * - `maxmem` - (default: `1024 ** 3 + 1024` aka 1GB+1KB). A limit that the app could use for scrypt | ||
| * - `onProgress` - callback function that would be executed for progress report | ||
| * @returns Derived key | ||
| */ | ||
| function scrypt(password, salt, opts) { | ||
| const { N, r, p, dkLen, blockSize32, V, B32, B, tmp, blockMixCb } = scryptInit(password, salt, opts); | ||
| for (let pi = 0; pi < p; pi++) { | ||
@@ -179,4 +196,7 @@ const Pi = blockSize32 * pi; | ||
| exports.scrypt = scrypt; | ||
| async function scryptAsync(password, salt, _opts) { | ||
| const { N, r, p, dkLen, blockSize32, V, B32, B, tmp, blockMixCb, asyncTick } = scryptInit(password, salt, _opts); | ||
| /** | ||
| * Scrypt KDF from RFC 7914. | ||
| */ | ||
| async function scryptAsync(password, salt, opts) { | ||
| const { N, r, p, dkLen, blockSize32, V, B32, B, tmp, blockMixCb, asyncTick } = scryptInit(password, salt, opts); | ||
| for (let pi = 0; pi < p; pi++) { | ||
@@ -183,0 +203,0 @@ const Pi = blockSize32 * pi; |
@@ -18,2 +18,6 @@ import { SHA2 } from './_sha2.js'; | ||
| } | ||
| /** | ||
| * SHA2-256 hash function | ||
| * @param message - data that would be hashed | ||
| */ | ||
| export declare const sha256: { | ||
@@ -24,4 +28,3 @@ (message: import("./utils.js").Input): Uint8Array; | ||
| create(): import("./utils.js").Hash<SHA256>; | ||
| init: () => import("./utils.js").Hash<SHA256>; | ||
| }; | ||
| export {}; |
@@ -106,2 +106,6 @@ "use strict"; | ||
| } | ||
| /** | ||
| * SHA2-256 hash function | ||
| * @param message - data that would be hashed | ||
| */ | ||
| exports.sha256 = (0, utils_js_1.wrapConstructor)(() => new SHA256()); |
@@ -12,3 +12,2 @@ import { Input, Hash, HashXOF } from './utils.js'; | ||
| create(opts: cShakeOpts): Hash<Keccak>; | ||
| init: (opts: cShakeOpts) => Hash<Keccak>; | ||
| }; | ||
@@ -20,3 +19,2 @@ export declare const cshake256: { | ||
| create(opts: cShakeOpts): Hash<Keccak>; | ||
| init: (opts: cShakeOpts) => Hash<Keccak>; | ||
| }; | ||
@@ -32,3 +30,2 @@ declare class KMAC extends Keccak implements HashXOF<KMAC> { | ||
| create(key: Input, opts?: cShakeOpts): KMAC; | ||
| init: (key: Input, opts?: cShakeOpts) => KMAC; | ||
| }; | ||
@@ -38,3 +35,2 @@ export declare const kmac256: { | ||
| create(key: Input, opts?: cShakeOpts): KMAC; | ||
| init: (key: Input, opts?: cShakeOpts) => KMAC; | ||
| }; | ||
@@ -44,3 +40,2 @@ export declare const kmac128xof: { | ||
| create(key: Input, opts?: cShakeOpts): KMAC; | ||
| init: (key: Input, opts?: cShakeOpts) => KMAC; | ||
| }; | ||
@@ -50,3 +45,2 @@ export declare const kmac256xof: { | ||
| create(key: Input, opts?: cShakeOpts): KMAC; | ||
| init: (key: Input, opts?: cShakeOpts) => KMAC; | ||
| }; | ||
@@ -62,3 +56,2 @@ declare class TupleHash extends Keccak implements HashXOF<TupleHash> { | ||
| create(opts?: cShakeOpts): TupleHash; | ||
| init: (opts?: cShakeOpts) => TupleHash; | ||
| }; | ||
@@ -68,3 +61,2 @@ export declare const tuplehash256: { | ||
| create(opts?: cShakeOpts): TupleHash; | ||
| init: (opts?: cShakeOpts) => TupleHash; | ||
| }; | ||
@@ -74,3 +66,2 @@ export declare const tuplehash128xof: { | ||
| create(opts?: cShakeOpts): TupleHash; | ||
| init: (opts?: cShakeOpts) => TupleHash; | ||
| }; | ||
@@ -80,3 +71,2 @@ export declare const tuplehash256xof: { | ||
| create(opts?: cShakeOpts): TupleHash; | ||
| init: (opts?: cShakeOpts) => TupleHash; | ||
| }; | ||
@@ -101,3 +91,2 @@ declare type ParallelOpts = cShakeOpts & { | ||
| create(opts?: ParallelOpts): ParallelHash; | ||
| init: (opts?: ParallelOpts) => ParallelHash; | ||
| }; | ||
@@ -107,3 +96,2 @@ export declare const parallelhash256: { | ||
| create(opts?: ParallelOpts): ParallelHash; | ||
| init: (opts?: ParallelOpts) => ParallelHash; | ||
| }; | ||
@@ -113,3 +101,2 @@ export declare const parallelhash128xof: { | ||
| create(opts?: ParallelOpts): ParallelHash; | ||
| init: (opts?: ParallelOpts) => ParallelHash; | ||
| }; | ||
@@ -119,3 +106,2 @@ export declare const parallelhash256xof: { | ||
| create(opts?: ParallelOpts): ParallelHash; | ||
| init: (opts?: ParallelOpts) => ParallelHash; | ||
| }; | ||
@@ -145,3 +131,2 @@ export declare type KangarooOpts = { | ||
| create(opts: KangarooOpts): Hash<KangarooTwelve>; | ||
| init: (opts: KangarooOpts) => Hash<KangarooTwelve>; | ||
| }; | ||
@@ -153,3 +138,2 @@ export declare const m14: { | ||
| create(opts: KangarooOpts): Hash<KangarooTwelve>; | ||
| init: (opts: KangarooOpts) => Hash<KangarooTwelve>; | ||
| }; | ||
@@ -156,0 +140,0 @@ declare class KeccakPRG extends Keccak { |
@@ -83,3 +83,2 @@ "use strict"; | ||
| kmac.create = (key, opts = {}) => new KMAC(blockLen, opts.dkLen !== undefined ? opts.dkLen : outputLen, xof, key, opts); | ||
| kmac.init = kmac.create; | ||
| return kmac; | ||
@@ -126,3 +125,2 @@ } | ||
| tuple.create = (opts = {}) => new TupleHash(blockLen, opts.dkLen !== undefined ? opts.dkLen : outputLen, xof, opts); | ||
| tuple.init = tuple.create; | ||
| return tuple; | ||
@@ -198,4 +196,3 @@ } | ||
| const parallel = (message, opts) => parallel.create(opts).update(message).digest(); | ||
| parallel.create = (opts = {}) => new ParallelHash(blockLen, opts.dkLen !== undefined ? opts.dkLen : outputLen, () => leaf.init({ dkLen: 2 * outputLen }), xof, opts); | ||
| parallel.init = parallel.create; | ||
| parallel.create = (opts = {}) => new ParallelHash(blockLen, opts.dkLen !== undefined ? opts.dkLen : outputLen, () => leaf.create({ dkLen: 2 * outputLen }), xof, opts); | ||
| return parallel; | ||
@@ -202,0 +199,0 @@ } |
@@ -32,4 +32,7 @@ import { Hash, Input, HashXOF } from './utils.js'; | ||
| create(): Hash<Keccak>; | ||
| init: () => Hash<Keccak>; | ||
| }; | ||
| /** | ||
| * SHA3-256 hash function | ||
| * @param message - that would be hashed | ||
| */ | ||
| export declare const sha3_256: { | ||
@@ -40,3 +43,2 @@ (message: Input): Uint8Array; | ||
| create(): Hash<Keccak>; | ||
| init: () => Hash<Keccak>; | ||
| }; | ||
@@ -48,3 +50,2 @@ export declare const sha3_384: { | ||
| create(): Hash<Keccak>; | ||
| init: () => Hash<Keccak>; | ||
| }; | ||
@@ -56,3 +57,2 @@ export declare const sha3_512: { | ||
| create(): Hash<Keccak>; | ||
| init: () => Hash<Keccak>; | ||
| }; | ||
@@ -64,4 +64,7 @@ export declare const keccak_224: { | ||
| create(): Hash<Keccak>; | ||
| init: () => Hash<Keccak>; | ||
| }; | ||
| /** | ||
| * keccak-256 hash function. Different from SHA3-256. | ||
| * @param message - that would be hashed | ||
| */ | ||
| export declare const keccak_256: { | ||
@@ -72,3 +75,2 @@ (message: Input): Uint8Array; | ||
| create(): Hash<Keccak>; | ||
| init: () => Hash<Keccak>; | ||
| }; | ||
@@ -80,3 +82,2 @@ export declare const keccak_384: { | ||
| create(): Hash<Keccak>; | ||
| init: () => Hash<Keccak>; | ||
| }; | ||
@@ -88,3 +89,2 @@ export declare const keccak_512: { | ||
| create(): Hash<Keccak>; | ||
| init: () => Hash<Keccak>; | ||
| }; | ||
@@ -99,3 +99,2 @@ export declare type ShakeOpts = { | ||
| create(opts: ShakeOpts): Hash<Keccak>; | ||
| init: (opts: ShakeOpts) => Hash<Keccak>; | ||
| }; | ||
@@ -107,3 +106,2 @@ export declare const shake256: { | ||
| create(opts: ShakeOpts): Hash<Keccak>; | ||
| init: (opts: ShakeOpts) => Hash<Keccak>; | ||
| }; |
@@ -216,2 +216,6 @@ "use strict"; | ||
| exports.sha3_224 = gen(0x06, 144, 224 / 8); | ||
| /** | ||
| * SHA3-256 hash function | ||
| * @param message - that would be hashed | ||
| */ | ||
| exports.sha3_256 = gen(0x06, 136, 256 / 8); | ||
@@ -221,2 +225,6 @@ exports.sha3_384 = gen(0x06, 104, 384 / 8); | ||
| exports.keccak_224 = gen(0x01, 144, 224 / 8); | ||
| /** | ||
| * keccak-256 hash function. Different from SHA3-256. | ||
| * @param message - that would be hashed | ||
| */ | ||
| exports.keccak_256 = gen(0x01, 136, 256 / 8); | ||
@@ -223,0 +231,0 @@ exports.keccak_384 = gen(0x01, 104, 384 / 8); |
@@ -48,3 +48,2 @@ import { SHA2 } from './_sha2.js'; | ||
| create(): import("./utils.js").Hash<SHA512>; | ||
| init: () => import("./utils.js").Hash<SHA512>; | ||
| }; | ||
@@ -56,3 +55,2 @@ export declare const sha512_256: { | ||
| create(): import("./utils.js").Hash<SHA512>; | ||
| init: () => import("./utils.js").Hash<SHA512>; | ||
| }; | ||
@@ -64,3 +62,2 @@ export declare const sha384: { | ||
| create(): import("./utils.js").Hash<SHA512>; | ||
| init: () => import("./utils.js").Hash<SHA512>; | ||
| }; |
@@ -1,2 +0,2 @@ | ||
| /*! noble-hashes - MIT License (c) 2021 Paul Miller (paulmillr.com) */ | ||
| /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
| export declare type TypedArray = Int8Array | Uint8ClampedArray | Uint8Array | Uint16Array | Int16Array | Uint32Array | Int32Array; | ||
@@ -8,3 +8,9 @@ export declare const u8: (arr: TypedArray) => Uint8Array; | ||
| export declare const isLE: boolean; | ||
| /** | ||
| * @example bytesToHex(Uint8Array.from([0xde, 0xad, 0xbe, 0xef])) | ||
| */ | ||
| export declare function bytesToHex(uint8a: Uint8Array): string; | ||
| /** | ||
| * @example hexToBytes('deadbeef') | ||
| */ | ||
| export declare function hexToBytes(hex: string): Uint8Array; | ||
@@ -16,2 +22,6 @@ export declare const nextTick: () => Promise<unknown>; | ||
| export declare function toBytes(data: Input): Uint8Array; | ||
| /** | ||
| * Concats Uint8Array-s into one; like `Buffer.concat([buf1, buf2])` | ||
| * @example concatBytes(buf1, buf2) | ||
| */ | ||
| export declare function concatBytes(...arrays: Uint8Array[]): Uint8Array; | ||
@@ -32,2 +42,7 @@ export declare function assertNumber(n: number): void; | ||
| } | ||
| /** | ||
| * XOF: streaming API to read digest in chunks. | ||
| * Same as 'squeeze' in keccak/k12 and 'seek' in blake3, but more generic name. | ||
| * When hash used in XOF mode it is up to user to call '.destroy' afterwards, since we cannot destroy state, next call can require more bytes. | ||
| */ | ||
| export declare type HashXOF<T extends Hash<T>> = Hash<T> & { | ||
@@ -45,3 +60,2 @@ xof(bytes: number): Uint8Array; | ||
| create(): Hash<T>; | ||
| init: () => Hash<T>; | ||
| }; | ||
@@ -53,5 +67,7 @@ export declare function wrapConstructorWithOpts<H extends Hash<H>, T extends Object>(hashCons: (opts?: T) => Hash<H>): { | ||
| create(opts: T): Hash<H>; | ||
| init: (opts: T) => Hash<H>; | ||
| }; | ||
| /** | ||
| * Secure PRNG | ||
| */ | ||
| export declare function randomBytes(bytesLength?: number): Uint8Array; | ||
| export {}; |
42
utils.js
| "use strict"; | ||
| /*! noble-hashes - MIT License (c) 2021 Paul Miller (paulmillr.com) */ | ||
| /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
@@ -25,4 +25,7 @@ exports.randomBytes = exports.wrapConstructorWithOpts = exports.wrapConstructor = exports.checkOpts = exports.Hash = exports.assertHash = exports.assertBytes = exports.assertBool = exports.assertNumber = exports.concatBytes = exports.toBytes = exports.utf8ToBytes = exports.asyncLoop = exports.nextTick = exports.hexToBytes = exports.bytesToHex = exports.isLE = exports.rotr = exports.createView = exports.u32 = exports.u8 = void 0; | ||
| const hexes = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, '0')); | ||
| /** | ||
| * @example bytesToHex(Uint8Array.from([0xde, 0xad, 0xbe, 0xef])) | ||
| */ | ||
| function bytesToHex(uint8a) { | ||
| // pre-caching chars could speed this up 6x. | ||
| // pre-caching improves the speed 6x | ||
| let hex = ''; | ||
@@ -35,11 +38,5 @@ for (let i = 0; i < uint8a.length; i++) { | ||
| exports.bytesToHex = bytesToHex; | ||
| function parseHexByte(hexByte) { | ||
| if (hexByte.length !== 2) | ||
| throw new Error('Invalid byte sequence'); | ||
| const byte = Number.parseInt(hexByte, 16); | ||
| if (Number.isNaN(byte)) | ||
| throw new Error('Invalid byte sequence'); | ||
| return byte; | ||
| } | ||
| // Buffer.from(hex, 'hex') -> hexToBytes(hex) | ||
| /** | ||
| * @example hexToBytes('deadbeef') | ||
| */ | ||
| function hexToBytes(hex) { | ||
@@ -54,3 +51,7 @@ if (typeof hex !== 'string') { | ||
| const j = i * 2; | ||
| array[i] = parseHexByte(hex.slice(j, j + 2)); | ||
| const hexByte = hex.slice(j, j + 2); | ||
| const byte = Number.parseInt(hexByte, 16); | ||
| if (Number.isNaN(byte)) | ||
| throw new Error('Invalid byte sequence'); | ||
| array[i] = byte; | ||
| } | ||
@@ -104,7 +105,11 @@ return array; | ||
| exports.toBytes = toBytes; | ||
| // Buffer.concat([buf1, buf2]) -> concatBytes(buf1, buf2) | ||
| /** | ||
| * Concats Uint8Array-s into one; like `Buffer.concat([buf1, buf2])` | ||
| * @example concatBytes(buf1, buf2) | ||
| */ | ||
| function concatBytes(...arrays) { | ||
| if (arrays.length === 1) { | ||
| if (!arrays.every((a) => a instanceof Uint8Array)) | ||
| throw new Error('Uint8Array list expected'); | ||
| if (arrays.length === 1) | ||
| return arrays[0]; | ||
| } | ||
| const length = arrays.reduce((a, arr) => a + arr.length, 0); | ||
@@ -139,3 +144,3 @@ const result = new Uint8Array(length); | ||
| function assertHash(hash) { | ||
| if (typeof hash !== 'function' || typeof hash.init !== 'function') | ||
| if (typeof hash !== 'function' || typeof hash.create !== 'function') | ||
| throw new Error('Hash should be wrapped by utils.wrapConstructor'); | ||
@@ -169,3 +174,2 @@ assertNumber(hash.outputLen); | ||
| hashC.create = () => hashConstructor(); | ||
| hashC.init = hashC.create; | ||
| return hashC; | ||
@@ -180,6 +184,8 @@ } | ||
| hashC.create = (opts) => hashCons(opts); | ||
| hashC.init = hashC.create; | ||
| return hashC; | ||
| } | ||
| exports.wrapConstructorWithOpts = wrapConstructorWithOpts; | ||
| /** | ||
| * Secure PRNG | ||
| */ | ||
| function randomBytes(bytesLength = 32) { | ||
@@ -186,0 +192,0 @@ if (crypto_1.crypto.web) { |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Deprecated
MaintenanceThe maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by3.84%
269724
- Lines of code
- increased by4.86%
6045
- Number of medium maintenance alerts
- decreased by-100%
0
- Number of low quality alerts
- decreased by-100%
0
- Number of lines in readme file
- increased by3.52%
471
- Number of medium supply chain risk alerts
- decreased by-100%
0
No dependency changes