
Refactor: use clean util
paulmillr committed Jun 27, 2024
1 parent ea2f2d2 commit 81196d0
Showing 12 changed files with 178 additions and 178 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -518,7 +518,7 @@ encrypt (8KB)
├─chacha20poly1305 x 22,691 ops/sec @ 44μs/op
├─xchacha20poly1305 x 22,463 ops/sec @ 44μs/op
├─aes-256-gcm x 8,082 ops/sec @ 123μs/op
└─aes-256-gcm-siv x 2,376 ops/sec @ 420μs/op
└─aes-256-gcm-siv x 7,907 ops/sec @ 126μs/op
encrypt (1MB)
├─xsalsa20poly1305 x 171 ops/sec @ 5ms/op
├─chacha20poly1305 x 186 ops/sec @ 5ms/op
4 changes: 2 additions & 2 deletions package-lock.json


6 changes: 3 additions & 3 deletions src/_arx.ts
@@ -1,6 +1,6 @@
// Basic utils for ARX (add-rotate-xor) salsa and chacha ciphers.
import { number as anumber, bytes as abytes, bool as abool } from './_assert.js';
import { XorStream, checkOpts, u32, copyBytes } from './utils.js';
import { bool as abool, bytes as abytes, number as anumber } from './_assert.js';
import { XorStream, checkOpts, clean, copyBytes, u32 } from './utils.js';

/*
RFC8439 requires multi-step cipher stream, where
Expand Down Expand Up @@ -207,7 +207,7 @@ export function createCipher(core: CipherCoreFn, opts: CipherOpts): XorStream {
}
const n32 = u32(nonce);
runCipher(core, sigma, k32, n32, data, output, counter, rounds);
for (const i of toClean) i.fill(0);
clean(...toClean)
return output;
};
}
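Review bot: `clean(...toClean)` on the new side of the second hunk is the only statement in view without a trailing semicolon; the surrounding lines (`const n32 = u32(nonce);`, `return output;`) all carry one, so this will churn on the next Prettier run and reads as a slip rather than a choice — make it `clean(...toClean);`. The spread form is equivalent to the removed `for (const i of toClean) i.fill(0)` only if `clean` is variadic, which the `clean(this.h, this.r, this.buffer, this.pad)` call in src/_poly1305.ts suggests but this file does not show. createCipher's body begins and the `toClean` list is built outside the hunk.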
71 changes: 37 additions & 34 deletions src/_micro.ts
@@ -1,11 +1,14 @@
/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */
// prettier-ignore
import {
Cipher, XorStream, createView, setBigUint64, wrapCipher,
bytesToHex, concatBytes, equalBytes, hexToNumber, numberToBytesBE,
} from './utils.js';
import { createCipher, rotl } from './_arx.js';
import { bytes as abytes } from './_assert.js';
import {
Cipher, XorStream,
bytesToHex, concatBytes,
createView,
equalBytes, hexToNumber, numberToBytesBE,
setBigUint64, wrapCipher,
} from './utils.js';

/*
noble-ciphers-micro: more auditable, but slower version of salsa20, chacha & poly1305.
Expand Down Expand Up @@ -73,7 +76,7 @@ function salsaCore(
const y = new Uint32Array([
s[0], k[0], k[1], k[2], // "expa" Key Key Key
k[3], s[1], n[0], n[1], // Key "nd 3" Nonce Nonce
cnt, 0 , s[2], k[4], // Pos. Pos. "2-by" Key
cnt, 0, s[2], k[4], // Pos. Pos. "2-by" Key
k[5], k[6], k[7], s[3], // Key Key Key "te k"
]);
const x = y.slice();
Expand All @@ -91,10 +94,10 @@ export function hsalsa(s: Uint32Array, k: Uint32Array, i: Uint32Array, o32: Uint
]);
salsaRound(x, 20);
let oi = 0;
o32[oi++] = x[0]; o32[oi++] = x[5];
o32[oi++] = x[0]; o32[oi++] = x[5];
o32[oi++] = x[10]; o32[oi++] = x[15];
o32[oi++] = x[6]; o32[oi++] = x[7];
o32[oi++] = x[8]; o32[oi++] = x[9];
o32[oi++] = x[6]; o32[oi++] = x[7];
o32[oi++] = x[8]; o32[oi++] = x[9];
}

function chachaCore(
Expand All @@ -110,7 +113,7 @@ function chachaCore(
s[0], s[1], s[2], s[3], // "expa" "nd 3" "2-by" "te k"
k[0], k[1], k[2], k[3], // Key Key Key Key
k[4], k[5], k[6], k[7], // Key Key Key Key
cnt, n[0], n[1], n[2], // Counter Counter Nonce Nonce
cnt, n[0], n[1], n[2], // Counter Counter Nonce Nonce
]);
const x = y.slice();
chachaRound(x, rounds);
Expand All @@ -127,8 +130,8 @@ export function hchacha(s: Uint32Array, k: Uint32Array, i: Uint32Array, o32: Uin
]);
chachaRound(x, 20);
let oi = 0;
o32[oi++] = x[0]; o32[oi++] = x[1];
o32[oi++] = x[2]; o32[oi++] = x[3];
o32[oi++] = x[0]; o32[oi++] = x[1];
o32[oi++] = x[2]; o32[oi++] = x[3];
o32[oi++] = x[12]; o32[oi++] = x[13];
o32[oi++] = x[14]; o32[oi++] = x[15];
}
Expand Down Expand Up @@ -282,30 +285,30 @@ export function secretbox(key: Uint8Array, nonce: Uint8Array) {

export const _poly1305_aead =
(fn: XorStream) =>
(key: Uint8Array, nonce: Uint8Array, AAD?: Uint8Array): Cipher => {
const tagLength = 16;
const keyLength = 32;
abytes(key, keyLength);
abytes(nonce);
return {
encrypt(plaintext: Uint8Array) {
abytes(plaintext);
const res = fn(key, nonce, plaintext, undefined, 1);
const tag = computeTag(fn, key, nonce, res, AAD);
return concatBytes(res, tag);
},
decrypt(ciphertext: Uint8Array) {
abytes(ciphertext);
if (ciphertext.length < tagLength)
throw new Error(`encrypted data must be at least ${tagLength} bytes`);
const passedTag = ciphertext.subarray(-tagLength);
const data = ciphertext.subarray(0, -tagLength);
const tag = computeTag(fn, key, nonce, data, AAD);
if (!equalBytes(passedTag, tag)) throw new Error('invalid poly1305 tag');
return fn(key, nonce, data, undefined, 1);
},
(key: Uint8Array, nonce: Uint8Array, AAD?: Uint8Array): Cipher => {
const tagLength = 16;
const keyLength = 32;
abytes(key, keyLength);
abytes(nonce);
return {
encrypt(plaintext: Uint8Array) {
abytes(plaintext);
const res = fn(key, nonce, plaintext, undefined, 1);
const tag = computeTag(fn, key, nonce, res, AAD);
return concatBytes(res, tag);
},
decrypt(ciphertext: Uint8Array) {
abytes(ciphertext);
if (ciphertext.length < tagLength)
throw new Error(`encrypted data must be at least ${tagLength} bytes`);
const passedTag = ciphertext.subarray(-tagLength);
const data = ciphertext.subarray(0, -tagLength);
const tag = computeTag(fn, key, nonce, data, AAD);
if (!equalBytes(passedTag, tag)) throw new Error('invalid poly1305 tag');
return fn(key, nonce, data, undefined, 1);
},
};
};
};

/**
* chacha20-poly1305 12-byte-nonce chacha.
14 changes: 5 additions & 9 deletions src/_poly1305.ts
@@ -1,5 +1,5 @@
import { exists as aexists, bytes as abytes, output as aoutput } from './_assert.js';
import { Input, toBytes, Hash } from './utils.js';
import { bytes as abytes, exists as aexists, output as aoutput } from './_assert.js';
import { Hash, Input, clean, toBytes } from './utils.js';

// Poly1305 is a fast and parallel secret-key message-authentication code.
// https://cr.yp.to/mac.html, https://cr.yp.to/mac/poly1305-20050329.pdf
Expand Down Expand Up @@ -214,15 +214,15 @@ class Poly1305 implements Hash<Poly1305> {
f = (((h[i] + pad[i]) | 0) + (f >>> 16)) | 0;
h[i] = f & 0xffff;
}
g.fill(0);
clean(g);
}
update(data: Input): this {
aexists(this);
const { buffer, blockLen } = this;
data = toBytes(data);
const len = data.length;

for (let pos = 0; pos < len; ) {
for (let pos = 0; pos < len;) {
const take = Math.min(blockLen - this.pos, len - pos);
// Fast path: we have at least one block in input
if (take === blockLen) {
Expand All @@ -240,10 +240,7 @@ class Poly1305 implements Hash<Poly1305> {
return this;
}
destroy() {
this.h.fill(0);
this.r.fill(0);
this.buffer.fill(0);
this.pad.fill(0);
clean(this.h, this.r, this.buffer, this.pad);
}
digestInto(out: Uint8Array) {
aexists(this);
Expand All @@ -253,7 +250,6 @@ class Poly1305 implements Hash<Poly1305> {
let { pos } = this;
if (pos) {
buffer[pos++] = 1;
// buffer.subarray(pos).fill(0);
for (; pos < 16; pos++) buffer[pos] = 0;
this.process(buffer, 0, true);
}
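Review bot: The new `destroy()` zeroes `h`, `r`, `buffer` and `pad` but never marks the instance as destroyed, so the `aexists(this)` guards in `update()` and `digestInto()` have no signal to reject a call made after destruction; if `aexists` gates on a `destroyed` flag as its name suggests, a destroyed instance would silently keep computing with an all-zero `r`/`pad` instead of failing loudly. Add `this.destroyed = true;` after the `clean(...)` line (the field declarations are outside the hunk, so confirm the flag is declared there). The fourth hunk also deletes the `// buffer.subarray(pos).fill(0);` comment, leaving the manual `for (; pos < 16; pos++) buffer[pos] = 0;` loop without a hint of intent; a one-liner such as `// zero-pad the final partial block to a full 16-byte block` keeps that readable.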
8 changes: 4 additions & 4 deletions src/_polyval.ts
@@ -1,5 +1,5 @@
import { createView, toBytes, Input, Hash, u32, copyBytes } from './utils.js';
import { bytes as abytes, exists as aexists, output as aoutput } from './_assert.js';
import { clean, copyBytes, createView, Hash, Input, toBytes, u32 } from './utils.js';

// GHash from AES-GCM and its little-endian "mirror image" Polyval from AES-SIV.
// Implemented in terms of GHash with conversion function for keys
Expand Down Expand Up @@ -148,7 +148,7 @@ class GHASH implements Hash<GHASH> {
if (left) {
ZEROS16.set(data.subarray(blocks * BLOCK_SIZE));
this._updateBlock(ZEROS32[0], ZEROS32[1], ZEROS32[2], ZEROS32[3]);
ZEROS32.fill(0); // clean tmp buffer
clean(ZEROS32); // clean tmp buffer
}
return this;
}
Expand Down Expand Up @@ -184,7 +184,7 @@ class Polyval extends GHASH {
key = toBytes(key);
const ghKey = _toGHASHKey(copyBytes(key));
super(ghKey, expectedLength);
ghKey.fill(0);
clean(ghKey);
}
update(data: Input): this {
data = toBytes(data);
Expand All @@ -208,7 +208,7 @@ class Polyval extends GHASH {
swapLE(ZEROS32[1]),
swapLE(ZEROS32[0])
);
ZEROS32.fill(0); // clean tmp buffer
clean(ZEROS32);
}
return this;
}
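Review bot: The last hunk's `clean(ZEROS32);` in Polyval.update drops the `// clean tmp buffer` comment that the identical call in GHASH.update (second hunk) keeps, so the two partial-block paths now read differently for no reason; write `clean(ZEROS32); // clean tmp buffer` at both sites. The comment is worth keeping because `ZEROS16.set(data.subarray(...))` followed by `_updateBlock(ZEROS32[0], ...)` implies the two views share one module-level scratch buffer (their declarations are outside these hunks), and any bytes left behind would be folded into the next partial block of whichever instance runs next — the reset is a correctness requirement, not just hygiene. Polyval.update's remaining body lies outside the hunk.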