Switch to HMAC-BLAKE2s

2023-02-06 17:34:15 +01:00 · 2023-02-06 17:34:15 +01:00 · 0c002036a4
parent 53b84db98e
commit 0c002036a4
6 changed files with 11 additions and 30 deletions
--- a/examples/example-simple-chat/server-config/standard-dataspace.pr
+++ b/examples/example-simple-chat/server-config/standard-dataspace.pr
@ -1,6 +1,6 @@
 let ?ds = dataspace

-; Connect using <route [<ws "...">] <ref "syndicate" [] #[pkgN9TBmEd3Q04grVG4Zdw]>>
+; Connect using <route [<ws "...">] <ref "syndicate" [] #[acowDB2/oI+6aSEC3YIxGg]>>
 <bind "syndicate" #x"" $ds>

 ; Connect using <route [<ws "...">] <noise { service: "syndicate", key: #x"21f6cd4e11e7e37711d6b3084ff18cded8fc8abf293aa47d43e8bb86dda65516" }>>
--- a/examples/example-simple-chat/src/index.ts
+++ b/examples/example-simple-chat/src/index.ts
@ -114,7 +114,7 @@ function setDataspaceAddress() {
        //         Sturdy.SturdyRef({
        //             "oid": "syndicate",
        //             "caveatChain": [],
-        //             "sig": Bytes.fromHex('a6480df5306611ddd0d3882b546e1977'),
+        //             "sig": Bytes.fromHex('69ca300c1dbfa08fba692102dd82311a'),
        //         }))],
        // }));
        //
--- a/packages/core/package.json
+++ b/packages/core/package.json
@ -30,6 +30,7 @@
  "author": "Tony Garnock-Jones <tonyg@leastfixedpoint.com>",
  "dependencies": {
    "@preserves/core": ">=0.20.2",
-    "@preserves/schema": ">=0.21.2"
+    "@preserves/schema": ">=0.21.2",
+    "salty-crypto": "0.3"
  }
 }
--- a/packages/core/src/transport/cryptography.ts
+++ b/packages/core/src/transport/cryptography.ts
@ -3,6 +3,7 @@

 import { Bytes, underlying } from '@preserves/core';
 import * as node_crypto from 'crypto';
+import { makeHMAC, BLAKE2s } from 'salty-crypto';

 export const KEY_LENGTH = 16; // 128 bits

@ -15,28 +16,8 @@ export const newKey: () => Promise<Bytes> =
    })
    : (async () => Bytes.from(node_crypto.randomBytes(KEY_LENGTH)));

-export const mac: (secretKey: Bytes, data: Bytes) => Promise<Bytes> =
-    (typeof crypto !== 'undefined' && 'subtle' in crypto)
-    ? (async (secretKey, data) => {
-        if (secretKey.length !== KEY_LENGTH) throw new Error("Invalid key length");
-        const k = await window.crypto.subtle.importKey(
-            "raw",
-            underlying(secretKey),
-            {
-                hash: 'SHA-256',
-                name: 'HMAC',
-            },
-            false,
-            ['sign']);
-        const bs = await window.crypto.subtle.sign({ name: 'HMAC' }, k, underlying(data));
-        return Bytes.from(new Uint8Array(bs, 0, KEY_LENGTH));
-    })
-    : (typeof node_crypto.createHmac !== 'undefined')
-    ? (async (secretKey, data) => {
-        const hmac = node_crypto.createHmac('sha256', underlying(secretKey));
-        hmac.update(underlying(data));
-        return Bytes.from(hmac.digest().subarray(0, KEY_LENGTH));
-    })
-    : (async (_secretKey, _data) => {
-        throw new Error('No HMAC SHA-256 available');
-    });
+const HMAC_BLAKE2s = makeHMAC(BLAKE2s);
+
+export async function mac(secretKey: Bytes, data: Bytes): Promise<Bytes> {
+    return Bytes.from(HMAC_BLAKE2s(underlying(secretKey), underlying(data)));
+}
--- a/packages/core/stubs/crypto.js
+++ b/packages/core/stubs/crypto.js
@ -2,4 +2,3 @@
 /// SPDX-FileCopyrightText: Copyright © 2016-2023 Tony Garnock-Jones <tonyg@leastfixedpoint.com>

 export const randomBytes = void 0;
-export const createHmac = void 0;
--- a/packages/create/template/src/index.ts
+++ b/packages/create/template/src/index.ts
@ -29,7 +29,7 @@ function bootApp(ds: Ref) {
                "transports": [fromJS(Schemas.transportAddress.WebSocket(
                    `ws://${document.location.hostname}:9001/`))],
                "steps": [wsRelay.Noise.RouteStep.GatekeeperStep(Sturdy.asSturdyRef(
-                    new Reader<Ref>('<ref "syndicate" [] #[pkgN9TBmEd3Q04grVG4Zdw==]>').next()))],
+                    new Reader<Ref>('<ref "syndicate" [] #[acowDB2/oI+6aSEC3YIxGg==]>').next()))],
            });

            during wsRelay.Resolved({