futur.blue / pegasus
objective categorical abstract machine language personal data server
67
fork

Configure Feed

Select the types of activity you want to include in your feed.

Use digestif for SHA256 hmac

futur.blue 96aee84f b62e14c6

verified
+13 -39
+13 -39
kleidos/rfc6979.ml
··· 31 31 32 32 (* bits2int for qbits=256 (leftmost 256 bits is whole 32 bytes here) *) 33 33 let bits2int_256 (bs : bytes) : Z.t = 34 - (* If bs > 32 bytes (not the case here), we'd truncate *) 34 + (* if bs > 32 bytes (not the case here), we'd truncate *) 35 35 let len = Bytes.length bs in 36 36 let take = if len <= 32 then len else 32 in 37 37 let acc = ref Z.zero in ··· 50 50 let z2 = Z.(z1 mod q) in 51 51 z_to_bytes32 z2 52 52 53 - (* hmac sha256 using only hash function *) 54 - let hmac_sha256 ~(hash : bytes -> bytes) ~(key : bytes) (data : bytes) : bytes = 55 - let block_size = 64 in 56 - let key0 = if Bytes.length key > block_size then hash key else key in 57 - let key_block = 58 - if Bytes.length key0 = block_size then key0 59 - else 60 - let b = Bytes.make block_size '\x00' in 61 - Bytes.blit key0 0 b 0 (Bytes.length key0) ; 62 - b 63 - in 64 - let ipad = 0x36 and opad = 0x5c in 65 - let inner_pad = Bytes.create block_size 66 - and outer_pad = Bytes.create block_size in 67 - for i = 0 to block_size - 1 do 68 - let kc = Char.code (Bytes.get key_block i) in 69 - Bytes.set inner_pad i (Char.chr (kc lxor ipad)) ; 70 - Bytes.set outer_pad i (Char.chr (kc lxor opad)) 71 - done ; 72 - let concat a b = 73 - let out = Bytes.create (Bytes.length a + Bytes.length b) in 74 - Bytes.blit a 0 out 0 (Bytes.length a) ; 75 - Bytes.blit b 0 out (Bytes.length a) (Bytes.length b) ; 76 - out 77 - in 78 - let inner = hash (concat inner_pad data) in 79 - hash (concat outer_pad inner) 80 - 81 53 (* returns 32-byte k for given order q *) 82 54 let rfc6979_k_256_bytes ~(q : Z.t) ~(privkey : bytes) ~(msg : bytes) : bytes = 83 55 if Bytes.length privkey <> 32 then invalid_arg "privkey must be 32 bytes" ; 84 56 let x = bytes32_to_z privkey in 85 57 if x <= Z.zero || x >= q then invalid_arg "privkey scalar out of range" ; 86 - let module H = Hacl_star.Hacl.SHA2_256 in 87 - let hash = H.hash in 88 - let hmac = hmac_sha256 ~hash in 58 + let hash = Hacl_star.Hacl.SHA2_256.hash in 89 59 let h1 = hash msg in 90 60 (* 32-byte SHA-256 digest *) 91 61 let x_octets = privkey in ··· 104 74 0 parts ; 105 75 out 106 76 in 77 + let hmac k v = 78 + Digestif.SHA256.(hmac_bytes ~key:(Bytes.to_string k) v |> to_raw_string) 79 + |> Bytes.of_string 80 + in 107 81 (* step: K = HMAC_K(V || 0x00 || x || h1); V = HMAC_K(V) *) 108 - let k = hmac ~key:k (concat [v; Bytes.of_string "\x00"; x_octets; h1_red]) in 109 - let v = hmac ~key:k v in 82 + let k = hmac k (concat [v; Bytes.of_string "\x00"; x_octets; h1_red]) in 83 + let v = hmac k v in 110 84 (* step: K = HMAC_K(V || 0x01 || x || h1); V = HMAC_K(V) *) 111 - let k = hmac ~key:k (concat [v; Bytes.of_string "\x01"; x_octets; h1_red]) in 112 - let v = hmac ~key:k v in 85 + let k = hmac k (concat [v; Bytes.of_string "\x01"; x_octets; h1_red]) in 86 + let v = hmac k v in 113 87 (* loop *) 114 88 let rec loop k v = 115 89 (* a. V = HMAC_K(V) *) 116 - let v = hmac ~key:k v in 90 + let v = hmac k v in 117 91 let t = v in 118 92 let k_candidate = bits2int_256 t in 119 93 if Z.(k_candidate >= one && k_candidate < q) then t 120 94 else 121 95 (* K = HMAC_K(V || 0x00); V = HMAC_K(V) *) 122 - let k = hmac ~key:k (concat [v; Bytes.of_string "\x00"]) in 123 - let v = hmac ~key:k v in 96 + let k = hmac k (concat [v; Bytes.of_string "\x00"]) in 97 + let v = hmac k v in 124 98 loop k v 125 99 in 126 100 loop k v