这是indexloc提供的服务,不要输入任何密码
Skip to content

[wip] Return a frozen array of bytes when producing keypairs #248

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

[wip] Return a frozen array of bytes when producing keypairs #248

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 37 additions & 7 deletions nacl-fast.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,28 @@ function crypto_verify_32(x, xi, y, yi) {
return vn(x,xi,y,yi,32);
}

function key_arrays_to_keypair(pk, sk) {
var pkArray, skArray;
return Object.defineProperties({}, {
publicKey: {
get: function() {
if (pkArray === undefined) {
pkArray = Object.freeze(Array.from(pk));
}
return pkArray;
}
},
secretKey: {
get: function() {
if (skArray === undefined) {
skArray = Object.freeze(Array.from(sk));
}
return skArray;
}
}
});
}
Comment on lines +58 to +76
Copy link
Author

@steveluscher steveluscher Aug 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This produces an object {publicKey: [...], secretKey: [...]} that can't be mutated.


function core_salsa20(o, p, k, c) {
var j0 = c[ 0] & 0xff | (c[ 1] & 0xff)<<8 | (c[ 2] & 0xff)<<16 | (c[ 3] & 0xff)<<24,
j1 = k[ 0] & 0xff | (k[ 1] & 0xff)<<8 | (k[ 2] & 0xff)<<16 | (k[ 3] & 0xff)<<24,
Expand Down Expand Up @@ -2161,8 +2183,16 @@ function checkBoxLengths(pk, sk) {

function checkArrayTypes() {
for (var i = 0; i < arguments.length; i++) {
if (!(arguments[i] instanceof Uint8Array))
throw new TypeError('unexpected type, use Uint8Array');
if (arguments[i] instanceof Object && typeof arguments[i].length === 'number') {
Copy link
Author

@steveluscher steveluscher Aug 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All that the implementation demands of the input is that:

  • it be indexable
  • it have a length property

You don't have to be a Uint8Array to offer those two guarantees.

for(var j = 0; j < arguments[i].length; j++) {
var value = arguments[i][j];
if (typeof value !== 'number' || value < 0 || value > 255) {
break;
}
Comment on lines +2189 to +2191
Copy link
Author

@steveluscher steveluscher Aug 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Optional assertion that the array only contains numeric values between 0–255.

}
continue;
}
throw new TypeError('unexpected type, expected an array-like object with numerical values between 0-255');
}
}

Expand Down Expand Up @@ -2247,7 +2277,7 @@ nacl.box.keyPair = function() {
var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);
var sk = new Uint8Array(crypto_box_SECRETKEYBYTES);
crypto_box_keypair(pk, sk);
return {publicKey: pk, secretKey: sk};
return key_arrays_to_keypair(pk, sk);
};

nacl.box.keyPair.fromSecretKey = function(secretKey) {
Expand All @@ -2256,7 +2286,7 @@ nacl.box.keyPair.fromSecretKey = function(secretKey) {
throw new Error('bad secret key size');
var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);
crypto_scalarmult_base(pk, secretKey);
return {publicKey: pk, secretKey: new Uint8Array(secretKey)};
return key_arrays_to_keypair(pk, new Uint8Array(secretKey));
};

nacl.box.publicKeyLength = crypto_box_PUBLICKEYBYTES;
Expand Down Expand Up @@ -2311,7 +2341,7 @@ nacl.sign.keyPair = function() {
var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);
var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);
crypto_sign_keypair(pk, sk);
return {publicKey: pk, secretKey: sk};
return key_arrays_to_keypair(pk, sk);
};

nacl.sign.keyPair.fromSecretKey = function(secretKey) {
Expand All @@ -2320,7 +2350,7 @@ nacl.sign.keyPair.fromSecretKey = function(secretKey) {
throw new Error('bad secret key size');
var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);
for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i];
return {publicKey: pk, secretKey: new Uint8Array(secretKey)};
return key_arrays_to_keypair(pk, new Uint8Array(secretKey));
};

nacl.sign.keyPair.fromSeed = function(seed) {
Expand All @@ -2331,7 +2361,7 @@ nacl.sign.keyPair.fromSeed = function(seed) {
var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);
for (var i = 0; i < 32; i++) sk[i] = seed[i];
crypto_sign_keypair(pk, sk, true);
return {publicKey: pk, secretKey: sk};
return key_arrays_to_keypair(pk, sk);
};

nacl.sign.publicKeyLength = crypto_sign_PUBLICKEYBYTES;
Expand Down
2 changes: 1 addition & 1 deletion nacl-fast.min.js
View file
Open in desktop

Large diffs are not rendered by default.

36 changes: 21 additions & 15 deletions nacl.d.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,20 +5,26 @@ export as namespace nacl;
declare var nacl: nacl;
export = nacl;

declare const tag: unique symbol;
type EightBitNumber = 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216 | 217 | 218 | 219 | 220 | 221 | 222 | 223 | 224 | 225 | 226 | 227 | 228 | 229 | 230 | 231 | 232 | 233 | 234 | 235 | 236 | 237 | 238 | 239 | 240 | 241 | 242 | 243 | 244 | 245 | 246 | 247 | 248 | 249 | 250 | 251 | 252 | 253 | 254 | 255;
type Key = ReadonlyArray<EightBitNumber>;
type PublicKey = ReadonlyArray<EightBitNumber> & { readonly [tag]: 'PublicKey' }
type SecretKey = ReadonlyArray<EightBitNumber> & { readonly [tag]: 'SecretKey' }
Comment on lines +11 to +12
Copy link
Author

@steveluscher steveluscher Aug 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Opaque types! Read more here: https://stackoverflow.com/a/56749647/802047


declare namespace nacl {
export interface BoxKeyPair {
publicKey: Uint8Array;
secretKey: Uint8Array;
publicKey: PublicKey;
secretKey: SecretKey;
}

export interface SignKeyPair {
publicKey: Uint8Array;
secretKey: Uint8Array;
publicKey: PublicKey;
secretKey: SecretKey;
}

export interface secretbox {
(msg: Uint8Array, nonce: Uint8Array, key: Uint8Array): Uint8Array;
open(box: Uint8Array, nonce: Uint8Array, key: Uint8Array): Uint8Array | null;
(msg: Uint8Array, nonce: Uint8Array, key: Key): Uint8Array;
open(box: Uint8Array, nonce: Uint8Array, key: Key): Uint8Array | null;
readonly keyLength: number;
readonly nonceLength: number;
readonly overheadLength: number;
Expand All @@ -33,8 +39,8 @@ declare namespace nacl {

namespace boxProps {
export interface open {
(msg: Uint8Array, nonce: Uint8Array, publicKey: Uint8Array, secretKey: Uint8Array): Uint8Array | null;
after(box: Uint8Array, nonce: Uint8Array, key: Uint8Array): Uint8Array | null;
(msg: Uint8Array, nonce: Uint8Array, publicKey: PublicKey, secretKey: SecretKey): Uint8Array | null;
after(box: Uint8Array, nonce: Uint8Array, key: Key): Uint8Array | null;
}

export interface keyPair {
Expand All @@ -44,9 +50,9 @@ declare namespace nacl {
}

export interface box {
(msg: Uint8Array, nonce: Uint8Array, publicKey: Uint8Array, secretKey: Uint8Array): Uint8Array;
before(publicKey: Uint8Array, secretKey: Uint8Array): Uint8Array;
after(msg: Uint8Array, nonce: Uint8Array, key: Uint8Array): Uint8Array;
(msg: Uint8Array, nonce: Uint8Array, publicKey: PublicKey, secretKey: SecretKey): Uint8Array;
before(publicKey: PublicKey, secretKey: SecretKey): Uint8Array;
after(msg: Uint8Array, nonce: Uint8Array, key: Key): Uint8Array;
open: boxProps.open;
keyPair: boxProps.keyPair;
readonly publicKeyLength: number;
Expand All @@ -58,8 +64,8 @@ declare namespace nacl {

namespace signProps {
export interface detached {
(msg: Uint8Array, secretKey: Uint8Array): Uint8Array;
verify(msg: Uint8Array, sig: Uint8Array, publicKey: Uint8Array): boolean;
(msg: Uint8Array, secretKey: SecretKey): Uint8Array;
verify(msg: Uint8Array, sig: Uint8Array, publicKey: PublicKey): boolean;
}

export interface keyPair {
Expand All @@ -70,8 +76,8 @@ declare namespace nacl {
}

export interface sign {
(msg: Uint8Array, secretKey: Uint8Array): Uint8Array;
open(signedMsg: Uint8Array, publicKey: Uint8Array): Uint8Array | null;
(msg: Uint8Array, secretKey: SecretKey): Uint8Array;
open(signedMsg: Uint8Array, publicKey: PublicKey): Uint8Array | null;
detached: signProps.detached;
keyPair: signProps.keyPair;
readonly publicKeyLength: number;
Expand Down
44 changes: 37 additions & 7 deletions nacl.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,28 @@ function crypto_core_hsalsa20(out,inp,k,c) {
return 0;
}

function key_arrays_to_keypair(pk, sk) {
var pkArray, skArray;
return Object.defineProperties({}, {
publicKey: {
get: function() {
if (pkArray === undefined) {
pkArray = Object.freeze(Array.from(pk));
}
return pkArray;
}
},
secretKey: {
get: function() {
if (skArray === undefined) {
skArray = Object.freeze(Array.from(sk));
}
return skArray;
}
}
});
}

var sigma = new Uint8Array([101, 120, 112, 97, 110, 100, 32, 51, 50, 45, 98, 121, 116, 101, 32, 107]);
// "expand 32-byte k"

Expand Down Expand Up @@ -948,8 +970,16 @@ function checkBoxLengths(pk, sk) {

function checkArrayTypes() {
for (var i = 0; i < arguments.length; i++) {
if (!(arguments[i] instanceof Uint8Array))
throw new TypeError('unexpected type, use Uint8Array');
if (arguments[i] instanceof Object && typeof arguments[i].length === 'number') {
for(var j = 0; j < arguments[i].length; j++) {
var value = arguments[i][j];
if (typeof value !== 'number' || value < 0 || value > 255) {
break;
}
}
continue;
}
throw new TypeError('unexpected type, expected an array-like object with numerical values between 0-255');
}
}

Expand Down Expand Up @@ -1034,7 +1064,7 @@ nacl.box.keyPair = function() {
var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);
var sk = new Uint8Array(crypto_box_SECRETKEYBYTES);
crypto_box_keypair(pk, sk);
return {publicKey: pk, secretKey: sk};
return key_arrays_to_keypair(pk, sk);
};

nacl.box.keyPair.fromSecretKey = function(secretKey) {
Expand All @@ -1043,7 +1073,7 @@ nacl.box.keyPair.fromSecretKey = function(secretKey) {
throw new Error('bad secret key size');
var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);
crypto_scalarmult_base(pk, secretKey);
return {publicKey: pk, secretKey: new Uint8Array(secretKey)};
return key_arrays_to_keypair(pk, new Uint8Array(secretKey));
};

nacl.box.publicKeyLength = crypto_box_PUBLICKEYBYTES;
Expand Down Expand Up @@ -1098,7 +1128,7 @@ nacl.sign.keyPair = function() {
var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);
var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);
crypto_sign_keypair(pk, sk);
return {publicKey: pk, secretKey: sk};
return key_arrays_to_keypair(pk, sk);
};

nacl.sign.keyPair.fromSecretKey = function(secretKey) {
Expand All @@ -1107,7 +1137,7 @@ nacl.sign.keyPair.fromSecretKey = function(secretKey) {
throw new Error('bad secret key size');
var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);
for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i];
return {publicKey: pk, secretKey: new Uint8Array(secretKey)};
return key_arrays_to_keypair(pk, new Uint8Array(secretKey));
};

nacl.sign.keyPair.fromSeed = function(seed) {
Expand All @@ -1118,7 +1148,7 @@ nacl.sign.keyPair.fromSeed = function(seed) {
var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);
for (var i = 0; i < 32; i++) sk[i] = seed[i];
crypto_sign_keypair(pk, sk, true);
return {publicKey: pk, secretKey: sk};
return key_arrays_to_keypair(pk, sk);
};

nacl.sign.publicKeyLength = crypto_sign_PUBLICKEYBYTES;
Expand Down
2 changes: 1 addition & 1 deletion nacl.min.js
View file
Open in desktop

Large diffs are not rendered by default.

82 changes: 41 additions & 41 deletions test/00-api.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,65 +5,65 @@ var nonce = new Uint8Array(nacl.secretbox.nonceLength);
var key = new Uint8Array(nacl.secretbox.keyLength);
var msg = new Uint8Array(10);

var arr = [1,2,3];
var str = '12345';

test('input type check', function(t) {
t.throws(function() { nacl.secretbox(arr, nonce, key); }, TypeError);
t.throws(function() { nacl.secretbox(msg, arr, key); }, TypeError);
t.throws(function() { nacl.secretbox(msg, nonce, arr); }, TypeError);
t.throws(function() { nacl.secretbox(str, nonce, key); }, TypeError);
t.throws(function() { nacl.secretbox(msg, str, key); }, TypeError);
t.throws(function() { nacl.secretbox(msg, nonce, str); }, TypeError);

t.throws(function() { nacl.secretbox.open(arr, nonce, key); }, TypeError);
t.throws(function() { nacl.secretbox.open(msg, arr, key); }, TypeError);
t.throws(function() { nacl.secretbox.open(msg, nonce, arr); }, TypeError);
t.throws(function() { nacl.secretbox.open(str, nonce, key); }, TypeError);
t.throws(function() { nacl.secretbox.open(msg, str, key); }, TypeError);
t.throws(function() { nacl.secretbox.open(msg, nonce, str); }, TypeError);

t.throws(function() { nacl.scalarMult(arr, key); }, TypeError);
t.throws(function() { nacl.scalarMult(key, arr); }, TypeError);
t.throws(function() { nacl.scalarMult(str, key); }, TypeError);
t.throws(function() { nacl.scalarMult(key, str); }, TypeError);

t.throws(function() { nacl.scalarMult.base(arr); }, TypeError);
t.throws(function() { nacl.scalarMult.base(str); }, TypeError);

t.throws(function() { nacl.box(arr, nonce, key, key); }, TypeError);
t.throws(function() { nacl.box(msg, arr, key, key); }, TypeError);
t.throws(function() { nacl.box(msg, nonce, arr, key); }, TypeError);
t.throws(function() { nacl.box(msg, nonce, key, arr); }, TypeError);
t.throws(function() { nacl.box(str, nonce, key, key); }, TypeError);
t.throws(function() { nacl.box(msg, str, key, key); }, TypeError);
t.throws(function() { nacl.box(msg, nonce, str, key); }, TypeError);
t.throws(function() { nacl.box(msg, nonce, key, str); }, TypeError);

t.throws(function() { nacl.box.open(arr, nonce, key, key); }, TypeError);
t.throws(function() { nacl.box.open(msg, arr, key, key); }, TypeError);
t.throws(function() { nacl.box.open(msg, nonce, arr, key); }, TypeError);
t.throws(function() { nacl.box.open(msg, nonce, key, arr); }, TypeError);
t.throws(function() { nacl.box.open(str, nonce, key, key); }, TypeError);
t.throws(function() { nacl.box.open(msg, str, key, key); }, TypeError);
t.throws(function() { nacl.box.open(msg, nonce, str, key); }, TypeError);
t.throws(function() { nacl.box.open(msg, nonce, key, str); }, TypeError);

t.throws(function() { nacl.box.before(arr, key); }, TypeError);
t.throws(function() { nacl.box.before(key, arr); }, TypeError);
t.throws(function() { nacl.box.before(str, key); }, TypeError);
t.throws(function() { nacl.box.before(key, str); }, TypeError);

t.throws(function() { nacl.box.after(arr, nonce, key); }, TypeError);
t.throws(function() { nacl.box.after(msg, arr, key); }, TypeError);
t.throws(function() { nacl.box.after(msg, nonce, arr); }, TypeError);
t.throws(function() { nacl.box.after(str, nonce, key); }, TypeError);
t.throws(function() { nacl.box.after(msg, str, key); }, TypeError);
t.throws(function() { nacl.box.after(msg, nonce, str); }, TypeError);

t.throws(function() { nacl.box.open.after(arr, nonce, key); }, TypeError);
t.throws(function() { nacl.box.open.after(msg, arr, key); }, TypeError);
t.throws(function() { nacl.box.open.after(msg, nonce, arr); }, TypeError);
t.throws(function() { nacl.box.open.after(str, nonce, key); }, TypeError);
t.throws(function() { nacl.box.open.after(msg, str, key); }, TypeError);
t.throws(function() { nacl.box.open.after(msg, nonce, str); }, TypeError);

t.throws(function() { nacl.box.keyPair.fromSecretKey(arr); }, TypeError);
t.throws(function() { nacl.box.keyPair.fromSecretKey(str); }, TypeError);

t.throws(function() { nacl.sign(arr, key); }, TypeError);
t.throws(function() { nacl.sign(msg, arr); }, TypeError);
t.throws(function() { nacl.sign(str, key); }, TypeError);
t.throws(function() { nacl.sign(msg, str); }, TypeError);

t.throws(function() { nacl.sign.open(arr, key); }, TypeError);
t.throws(function() { nacl.sign.open(msg, arr); }, TypeError);
t.throws(function() { nacl.sign.open(str, key); }, TypeError);
t.throws(function() { nacl.sign.open(msg, str); }, TypeError);

t.throws(function() { nacl.sign.detached(arr, key); }, TypeError);
t.throws(function() { nacl.sign.detached(msg, arr); }, TypeError);
t.throws(function() { nacl.sign.detached(str, key); }, TypeError);
t.throws(function() { nacl.sign.detached(msg, str); }, TypeError);

t.throws(function() { nacl.sign.detached.verify(arr, key, key); }, TypeError);
t.throws(function() { nacl.sign.detached.verify(msg, arr, key); }, TypeError);
t.throws(function() { nacl.sign.detached.verify(msg, key, arr); }, TypeError);
t.throws(function() { nacl.sign.detached.verify(str, key, key); }, TypeError);
t.throws(function() { nacl.sign.detached.verify(msg, str, key); }, TypeError);
t.throws(function() { nacl.sign.detached.verify(msg, key, str); }, TypeError);

t.throws(function() { nacl.sign.keyPair.fromSecretKey(arr); }, TypeError);
t.throws(function() { nacl.sign.keyPair.fromSeed(arr); }, TypeError);
t.throws(function() { nacl.sign.keyPair.fromSecretKey(str); }, TypeError);
t.throws(function() { nacl.sign.keyPair.fromSeed(str); }, TypeError);

t.throws(function() { nacl.hash(arr); }, TypeError);
t.throws(function() { nacl.hash(str); }, TypeError);

t.throws(function() { nacl.verify(arr, msg); }, TypeError);
t.throws(function() { nacl.verify(msg, arr); }, TypeError);
t.throws(function() { nacl.verify(str, msg); }, TypeError);
t.throws(function() { nacl.verify(msg, str); }, TypeError);

t.end();
});
Expand Down
1 change: 0 additions & 1 deletion test/07-hash.quick.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ test('nacl.hash length', function(t) {

test('nacl.hash exceptions for bad types', function(t) {
t.throws(function() { nacl.hash('string'); }, TypeError, 'should throw TypeError for string type');
t.throws(function() { nacl.hash([1,2,3]); }, TypeError, 'should throw TypeError for array type');
t.end();
});

Expand Down