weierstrass, hash-to-curve: ensure to use utils.isBytes everywhere

This commit is contained in:
Paul Miller 2023-12-10 22:27:15 +00:00
parent 9db14fc6d0
commit 26a4fd4293
No known key found for this signature in database
GPG Key ID: 697079DA6878B89B
2 changed files with 14 additions and 13 deletions

@ -1,7 +1,8 @@
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
import type { Group, GroupConstructor, AffinePoint } from './curve.js'; import type { Group, GroupConstructor, AffinePoint } from './curve.js';
import { mod, IField } from './modular.js'; import { mod, IField } from './modular.js';
import { bytesToNumberBE, CHash, concatBytes, utf8ToBytes, validateObject } from './utils.js'; import type { CHash } from './utils.js';
import { bytesToNumberBE, isBytes, concatBytes, utf8ToBytes, validateObject } from './utils.js';
/** /**
* * `DST` is a domain separation tag, defined in section 2.2.5 * * `DST` is a domain separation tag, defined in section 2.2.5
@ -22,7 +23,7 @@ export type Opts = {
}; };
function validateDST(dst: UnicodeOrBytes): Uint8Array { function validateDST(dst: UnicodeOrBytes): Uint8Array {
if (dst instanceof Uint8Array) return dst; if (isBytes(dst)) return dst;
if (typeof dst === 'string') return utf8ToBytes(dst); if (typeof dst === 'string') return utf8ToBytes(dst);
throw new Error('DST must be Uint8Array or string'); throw new Error('DST must be Uint8Array or string');
} }
@ -51,8 +52,8 @@ function strxor(a: Uint8Array, b: Uint8Array): Uint8Array {
return arr; return arr;
} }
function isBytes(item: unknown): void { function abytes(item: unknown): void {
if (!(item instanceof Uint8Array)) throw new Error('Uint8Array expected'); if (!isBytes(item)) throw new Error('Uint8Array expected');
} }
function isNum(item: unknown): void { function isNum(item: unknown): void {
if (!Number.isSafeInteger(item)) throw new Error('number expected'); if (!Number.isSafeInteger(item)) throw new Error('number expected');
@ -66,8 +67,8 @@ export function expand_message_xmd(
lenInBytes: number, lenInBytes: number,
H: CHash H: CHash
): Uint8Array { ): Uint8Array {
isBytes(msg); abytes(msg);
isBytes(DST); abytes(DST);
isNum(lenInBytes); isNum(lenInBytes);
// https://www.rfc-editor.org/rfc/rfc9380#section-5.3.3 // https://www.rfc-editor.org/rfc/rfc9380#section-5.3.3
if (DST.length > 255) DST = H(concatBytes(utf8ToBytes('H2C-OVERSIZE-DST-'), DST)); if (DST.length > 255) DST = H(concatBytes(utf8ToBytes('H2C-OVERSIZE-DST-'), DST));
@ -100,8 +101,8 @@ export function expand_message_xof(
k: number, k: number,
H: CHash H: CHash
): Uint8Array { ): Uint8Array {
isBytes(msg); abytes(msg);
isBytes(DST); abytes(DST);
isNum(lenInBytes); isNum(lenInBytes);
// https://www.rfc-editor.org/rfc/rfc9380#section-5.3.3 // https://www.rfc-editor.org/rfc/rfc9380#section-5.3.3
// DST = H('H2C-OVERSIZE-DST-' || a_very_long_DST, Math.ceil((lenInBytes * k) / 8)); // DST = H('H2C-OVERSIZE-DST-' || a_very_long_DST, Math.ceil((lenInBytes * k) / 8));
@ -139,7 +140,7 @@ export function hash_to_field(msg: Uint8Array, count: number, options: Opts): bi
hash: 'hash', hash: 'hash',
}); });
const { p, k, m, hash, expand, DST: _DST } = options; const { p, k, m, hash, expand, DST: _DST } = options;
isBytes(msg); abytes(msg);
isNum(count); isNum(count);
const DST = validateDST(_DST); const DST = validateDST(_DST);
const log2p = p.toString(2).length; const log2p = p.toString(2).length;

@ -158,7 +158,7 @@ export const DER = {
// parse DER signature // parse DER signature
const { Err: E } = DER; const { Err: E } = DER;
const data = typeof hex === 'string' ? h2b(hex) : hex; const data = typeof hex === 'string' ? h2b(hex) : hex;
if (!(data instanceof Uint8Array)) throw new Error('ui8a expected'); if (!ut.isBytes(data)) throw new Error('ui8a expected');
let l = data.length; let l = data.length;
if (l < 2 || data[0] != 0x30) throw new E('Invalid signature tag'); if (l < 2 || data[0] != 0x30) throw new E('Invalid signature tag');
if (data[1] !== l - 2) throw new E('Invalid signature: incorrect length'); if (data[1] !== l - 2) throw new E('Invalid signature: incorrect length');
@ -238,7 +238,7 @@ export function weierstrassPoints<T>(opts: CurvePointsType<T>): CurvePointsRes<T
function normPrivateKeyToScalar(key: PrivKey): bigint { function normPrivateKeyToScalar(key: PrivKey): bigint {
const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n } = CURVE; const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n } = CURVE;
if (lengths && typeof key !== 'bigint') { if (lengths && typeof key !== 'bigint') {
if (key instanceof Uint8Array) key = ut.bytesToHex(key); if (ut.isBytes(key)) key = ut.bytesToHex(key);
// Normalize to hex string, pad. E.g. P521 would norm 130-132 char hex to 132-char bytes // Normalize to hex string, pad. E.g. P521 would norm 130-132 char hex to 132-char bytes
if (typeof key !== 'string' || !lengths.includes(key.length)) throw new Error('Invalid key'); if (typeof key !== 'string' || !lengths.includes(key.length)) throw new Error('Invalid key');
key = key.padStart(nByteLength * 2, '0'); key = key.padStart(nByteLength * 2, '0');
@ -893,7 +893,7 @@ export function weierstrass(curveDef: CurveType): CurveFn {
* Quick and dirty check for item being public key. Does not validate hex, or being on-curve. * Quick and dirty check for item being public key. Does not validate hex, or being on-curve.
*/ */
function isProbPub(item: PrivKey | PubKey): boolean { function isProbPub(item: PrivKey | PubKey): boolean {
const arr = item instanceof Uint8Array; const arr = ut.isBytes(item);
const str = typeof item === 'string'; const str = typeof item === 'string';
const len = (arr || str) && (item as Hex).length; const len = (arr || str) && (item as Hex).length;
if (arr) return len === compressedLen || len === uncompressedLen; if (arr) return len === compressedLen || len === uncompressedLen;
@ -1057,7 +1057,7 @@ export function weierstrass(curveDef: CurveType): CurveFn {
let _sig: Signature | undefined = undefined; let _sig: Signature | undefined = undefined;
let P: ProjPointType<bigint>; let P: ProjPointType<bigint>;
try { try {
if (typeof sg === 'string' || sg instanceof Uint8Array) { if (typeof sg === 'string' || ut.isBytes(sg)) {
// Signature can be represented in 2 ways: compact (2*nByteLength) & DER (variable-length). // Signature can be represented in 2 ways: compact (2*nByteLength) & DER (variable-length).
// Since DER can also be 2*nByteLength bytes, we check for it first. // Since DER can also be 2*nByteLength bytes, we check for it first.
try { try {