common: refine utils/noble. (#659)

* common: separate hash related definitions from noble.ts to hash.ts.

* common: add __PURE__ just in case.

* common: define common BigInt constants.

* common: remove prettier-ignore.

Author: dajiaji

packages/common/mod.ts

@@ -53,5 +53,6 @@ export { hmac } from "./src/hash/hmac.ts";
 export { sha256, sha384, sha512 } from "./src/hash/sha2.ts";
 export { sha3_256, sha3_512, shake128, shake256 } from "./src/hash/sha3.ts";
 
+export type { CHash, CHashXOF } from "./src/hash/hash.ts";
 export { mod, pow2 } from "./src/curve/modular.ts";
 export { montgomery, type MontgomeryECDH } from "./src/curve/montgomery.ts";

packages/common/src/consts.ts

@@ -7,4 +7,13 @@ export const INFO_LENGTH_LIMIT = 65536;
 export const MINIMUM_PSK_LENGTH = 32;
 
 // b""
-export const EMPTY: Uint8Array = new Uint8Array(0);
+export const EMPTY: Uint8Array = /* @__PURE__ */ new Uint8Array(0);
+
+// Common BigInt constants
+export const N_0 = /* @__PURE__ */ BigInt(0);
+export const N_1 = /* @__PURE__ */ BigInt(1);
+export const N_2 = /* @__PURE__ */ BigInt(2);
+export const N_7 = /* @__PURE__ */ BigInt(7);
+export const N_32 = /* @__PURE__ */ BigInt(32);
+export const N_256 = /* @__PURE__ */ BigInt(256);
+export const N_0x71 = /* @__PURE__ */ BigInt(0x71);

packages/common/src/curve/modular.ts

@@ -15,20 +15,20 @@
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 
+import { N_0 } from "../consts.ts";
+
 // Numbers aren't used in x25519 / x448 builds
-// prettier-ignore
-const _0n = /* @__PURE__ */ BigInt(0);
 
 // Calculates a modulo b
 export function mod(a: bigint, b: bigint): bigint {
   const result = a % b;
-  return result >= _0n ? result : b + result;
+  return result >= N_0 ? result : b + result;
 }
 
 /** Does `x^(2^power)` mod p. `pow2(30, 4)` == `30^(2^4)` */
 export function pow2(x: bigint, power: bigint, modulo: bigint): bigint {
   let res = x;
-  while (power-- > _0n) {
+  while (power-- > N_0) {
     res *= res;
     res %= modulo;
   }

packages/common/src/curve/montgomery.ts

@@ -26,10 +26,7 @@ import {
 } from "../utils/noble.ts";
 import { createKeygen, type CurveLengths } from "./curve.ts";
 import { mod } from "./modular.ts";
-
-const _0n = BigInt(0);
-const _1n = BigInt(1);
-const _2n = BigInt(2);
+import { N_0, N_1, N_2 } from "../consts.ts";
 
 export type CurveType = {
   P: bigint; // finite field prime
@@ -83,11 +80,11 @@ export function montgomery(curveDef: CurveType): MontgomeryECDH {
   // RFC: x25519 "the resulting integer is of the form 2^254 plus
   // eight times a value between 0 and 2^251 - 1 (inclusive)"
   // x448: "2^447 plus four times a value between 0 and 2^445 - 1 (inclusive)"
-  const minScalar = is25519 ? _2n ** BigInt(254) : _2n ** BigInt(447);
+  const minScalar = is25519 ? N_2 ** BigInt(254) : N_2 ** BigInt(447);
   const maxAdded = is25519
-    ? BigInt(8) * _2n ** BigInt(251) - _1n
-    : BigInt(4) * _2n ** BigInt(445) - _1n;
-  const maxScalar = minScalar + maxAdded + _1n; // (inclusive)
+    ? BigInt(8) * N_2 ** BigInt(251) - N_1
+    : BigInt(4) * N_2 ** BigInt(445) - N_1;
+  const maxScalar = minScalar + maxAdded + N_1; // (inclusive)
   const modP = (n: bigint) => mod(n, P);
   const GuBytes = encodeU(Gu);
   function encodeU(u: bigint): Uint8Array {
@@ -114,7 +111,7 @@ export function montgomery(curveDef: CurveType): MontgomeryECDH {
     // Some public keys are useless, of low-order. Curve author doesn't think
     // it needs to be validated, but we do it nonetheless.
     // https://cr.yp.to/ecdh.html#validate
-    if (pu === _0n) throw new Error("invalid private or public key received");
+    if (pu === N_0) throw new Error("invalid private or public key received");
     return encodeU(pu);
   }
   // Computes public key from private. By doing scalar multiplication of base point.
@@ -146,17 +143,17 @@ export function montgomery(curveDef: CurveType): MontgomeryECDH {
    * @returns new Point on Montgomery curve
    */
   function montgomeryLadder(u: bigint, scalar: bigint): bigint {
-    aInRange("u", u, _0n, P);
+    aInRange("u", u, N_0, P);
     aInRange("scalar", scalar, minScalar, maxScalar);
     const k = scalar;
     const x_1 = u;
-    let x_2 = _1n;
-    let z_2 = _0n;
+    let x_2 = N_1;
+    let z_2 = N_0;
     let x_3 = u;
-    let z_3 = _1n;
-    let swap = _0n;
-    for (let t = BigInt(montgomeryBits - 1); t >= _0n; t--) {
-      const k_t = (k >> t) & _1n;
+    let z_3 = N_1;
+    let swap = N_0;
+    for (let t = BigInt(montgomeryBits - 1); t >= N_0; t--) {
+      const k_t = (k >> t) & N_1;
       swap ^= k_t;
       ({ x_2, x_3 } = cswap(swap, x_2, x_3));
       ({ x_2: z_2, x_3: z_3 } = cswap(swap, z_2, z_3));
@@ -180,7 +177,7 @@ export function montgomery(curveDef: CurveType): MontgomeryECDH {
     }
     ({ x_2, x_3 } = cswap(swap, x_2, x_3));
     ({ x_2: z_2, x_3: z_3 } = cswap(swap, z_2, z_3));
-    const z2 = powPminus2(z_2); // `Fp.pow(x, P - _2n)` is much slower equivalent
+    const z2 = powPminus2(z_2); // `Fp.pow(x, P - N_2)` is much slower equivalent
     return modP(x_2 * z2); // Return x_2 * (z_2^(p - 2))
   }
   const lengths = {

packages/common/src/hash/hash.ts

@@ -0,0 +1,125 @@
+/**
+ * This file is based on noble-curves (https://github.com/paulmillr/noble-curves).
+ *
+ * noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com)
+ *
+ * The original file is located at:
+ * https://github.com/paulmillr/noble-curves/blob/b9d49d2b41d550571a0c5be443ecb62109fa3373/src/utils.ts
+ */
+
+/**
+ * Hash utilities and type definitions extracted from noble.ts
+ * @module
+ */
+
+import { anumber } from "../utils/noble.ts";
+
+export interface Hash<T> {
+  blockLen: number; // Bytes per block
+  outputLen: number; // Bytes in output
+  update(buf: Uint8Array): this;
+  digestInto(buf: Uint8Array): void;
+  digest(): Uint8Array;
+  destroy(): void;
+  _cloneInto(to?: T): T;
+  clone(): T;
+}
+
+export interface HashInfo {
+  /** DER encoded OID in bytes */
+  oid?: Uint8Array;
+}
+
+/**
+ * Hash function interface with callable signature and properties
+ * @template T - The Hash implementation type
+ * @template Opts - Optional parameters type (undefined for simple hashes)
+ *
+ * Note: Default type parameter uses `any` due to TypeScript's limitations with
+ * F-bounded polymorphism in self-referential type constraints.
+ * This is a necessary compromise for the circular type dependency in Hash<T>.
+ */
+// deno-lint-ignore no-explicit-any
+export interface CHash<T extends Hash<T> = Hash<any>, Opts = undefined>
+  extends HashInfo {
+  /** Output length in bytes */
+  readonly outputLen: number;
+  /** Block length in bytes */
+  readonly blockLen: number;
+
+  /**
+   * Hash a message
+   * @param msg - Message to hash
+   * @param opts - Optional parameters (only for hashes that support options)
+   */
+  (msg: Uint8Array, opts?: Opts): Uint8Array;
+
+  /**
+   * Create a new hash instance
+   * @param opts - Optional parameters (only for hashes that support options)
+   */
+  create(opts?: Opts): T;
+}
+
+/**
+ * XOF: streaming API to read digest in chunks.
+ * Same as 'squeeze' in keccak/k12 and 'seek' in blake3, but more generic name.
+ * When hash used in XOF mode it is up to user to call '.destroy' afterwards, since we cannot
+ * destroy state, next call can require more bytes.
+ * @template T - The Hash implementation type
+ */
+export interface HashXOF<T extends Hash<T>> extends Hash<T> {
+  /** Read 'bytes' bytes from digest stream */
+  xof(bytes: number): Uint8Array;
+  /** Read buf.length bytes from digest stream into buf */
+  xofInto(buf: Uint8Array): Uint8Array;
+}
+
+/**
+ * Hash constructor function type
+ * @template T - The Hash implementation type
+ * @template Opts - Optional parameters type (undefined for simple hashes)
+ */
+export type HasherCons<T, Opts = undefined> = Opts extends undefined ? () => T
+  : (opts?: Opts) => T;
+
+/**
+ * XOF (eXtendable Output Function) interface
+ * Extended hash function that can produce output of arbitrary length
+ *
+ * Note: Default type parameter uses `any` due to TypeScript's limitations with
+ * F-bounded polymorphism in self-referential type constraints.
+ * This is a necessary compromise for the circular type dependency in HashXOF<T>.
+ */
+// deno-lint-ignore no-explicit-any
+export interface CHashXOF<T extends HashXOF<T> = HashXOF<any>, Opts = undefined>
+  extends CHash<T, Opts> {
+}
+
+/** Asserts something is hash */
+export function ahash(h: CHash): void {
+  if (typeof h !== "function" || typeof h.create !== "function") {
+    throw new Error("Hash must wrapped by utils.createHasher");
+  }
+  anumber(h.outputLen);
+  anumber(h.blockLen);
+}
+
+export function createHasher<T extends Hash<T>, Opts = undefined>(
+  hashCons: HasherCons<T, Opts>,
+  info: HashInfo = {},
+): CHash<T, Opts> {
+  const hashFn = (msg: Uint8Array, opts?: Opts) =>
+    hashCons(opts).update(msg).digest();
+
+  const tmp = hashCons(undefined);
+
+  const hashC = Object.assign(hashFn, {
+    outputLen: tmp.outputLen,
+    blockLen: tmp.blockLen,
+    create: (opts?: Opts) => hashCons(opts),
+    ...info,
+  }) as CHash<T, Opts>;
+
+  return Object.freeze(hashC);
+}

packages/common/src/hash/hmac.ts

@@ -11,14 +11,8 @@
  * HMAC: RFC2104 message authentication code.
  * @module
  */
-import {
-  abytes,
-  aexists,
-  ahash,
-  type CHash,
-  clean,
-  type Hash,
-} from "../utils/noble.ts";
+import { abytes, aexists, clean } from "../utils/noble.ts";
+import { ahash, type CHash, type Hash } from "./hash.ts";
 
 export class _HMAC<T extends Hash<T>> implements Hash<_HMAC<T>> {
   oHash: T;

packages/common/src/hash/md.ts

@@ -11,14 +11,8 @@
  * Internal Merkle-Damgard hash utils.
  * @module
  */
-import {
-  abytes,
-  aexists,
-  aoutput,
-  clean,
-  createView,
-  type Hash,
-} from "../utils/noble.ts";
+import { abytes, aexists, aoutput, clean, createView } from "../utils/noble.ts";
+import type { Hash } from "./hash.ts";
 
 /** Choice: a ? b : c */
 export function Chi(a: number, b: number, c: number): number {

packages/common/src/hash/sha2.ts

@@ -15,19 +15,13 @@
  */
 import { Chi, HashMD, Maj, SHA256_IV, SHA384_IV, SHA512_IV } from "./md.ts";
 import * as u64 from "./u64.ts";
-import {
-  type CHash,
-  clean,
-  createHasher,
-  oidNist,
-  rotr,
-} from "../utils/noble.ts";
+import { clean, oidNist, rotr } from "../utils/noble.ts";
+import { type CHash, createHasher } from "./hash.ts";
 
 /**
  * Round constants:
  * First 32 bits of fractional parts of the cube roots of the first 64 primes 2..311)
  */
-// prettier-ignore
 const SHA256_K = /* @__PURE__ */ Uint32Array.from([
   0x428a2f98,
   0x71374491,
@@ -127,7 +121,6 @@ abstract class SHA2_32B<T extends SHA2_32B<T>> extends HashMD<T> {
     const { A, B, C, D, E, F, G, H } = this;
     return [A, B, C, D, E, F, G, H];
   }
-  // prettier-ignore
   protected set(
     A: number,
     B: number,
@@ -216,7 +209,6 @@ export class _SHA256 extends SHA2_32B<_SHA256> {
 
 // Round contants
 // First 32 bits of the fractional parts of the cube roots of the first 80 primes 2..409
-// prettier-ignore
 const K512 = /* @__PURE__ */ (() =>
   u64.split([
     "0x428a2f98d728ae22",
@@ -332,7 +324,6 @@ abstract class SHA2_64B<T extends SHA2_64B<T>> extends HashMD<T> {
   constructor(outputLen: number) {
     super(128, outputLen, 16, false);
   }
-  // prettier-ignore
   protected get(): [
     number,
     number,
@@ -355,7 +346,6 @@ abstract class SHA2_64B<T extends SHA2_64B<T>> extends HashMD<T> {
       this;
     return [Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl];
   }
-  // prettier-ignore
   protected set(
     Ah: number,
     Al: number,
@@ -437,7 +427,6 @@ abstract class SHA2_64B<T extends SHA2_64B<T>> extends HashMD<T> {
       const CHIh = (Eh & Fh) ^ (~Eh & Gh);
       const CHIl = (El & Fl) ^ (~El & Gl);
       // T1 = H + sigma1 + Chi(E, F, G) + SHA512_K[i] + SHA512_W[i]
-      // prettier-ignore
       const T1ll = u64.add5L(Hl, sigma1l, CHIl, SHA512_Kl[i], SHA512_W_L[i]);
       const T1h = u64.add5H(
         T1ll,

packages/common/src/hash/sha3.ts

@@ -24,45 +24,42 @@ import {
   aexists,
   anumber,
   aoutput,
+  clean,
+  oidNist,
+  swap32IfBE,
+  u32,
+} from "../utils/noble.ts";
+import {
   type CHash,
   type CHashXOF,
-  clean,
   createHasher,
   type Hash,
   type HashInfo,
   type HashXOF,
-  oidNist,
-  swap32IfBE,
-  u32,
-} from "../utils/noble.ts";
+} from "./hash.ts";
+import { N_0, N_0x71, N_1, N_2, N_256, N_7 } from "../consts.ts";
 
 // No __PURE__ annotations in sha3 header:
 // EVERYTHING is in fact used on every export.
 // Various per round constants calculations
-const _0n = BigInt(0);
-const _1n = BigInt(1);
-const _2n = BigInt(2);
-const _7n = BigInt(7);
-const _256n = BigInt(256);
-const _0x71n = BigInt(0x71);
 const SHA3_PI: number[] = [];
 const SHA3_ROTL: number[] = [];
 const _SHA3_IOTA: bigint[] = []; // no pure annotation: var is always used
-for (let round = 0, R = _1n, x = 1, y = 0; round < 24; round++) {
+for (let round = 0, R = N_1, x = 1, y = 0; round < 24; round++) {
   // Pi
   [x, y] = [y, (2 * x + 3 * y) % 5];
   SHA3_PI.push(2 * (5 * y + x));
   // Rotational
   SHA3_ROTL.push((((round + 1) * (round + 2)) / 2) % 64);
   // Iota
-  let t = _0n;
+  let t = N_0;
   for (let j = 0; j < 7; j++) {
-    R = ((R << _1n) ^ ((R >> _7n) * _0x71n)) % _256n;
-    if (R & _2n) t ^= _1n << ((_1n << BigInt(j)) - _1n);
+    R = ((R << N_1) ^ ((R >> N_7) * N_0x71)) % N_256;
+    if (R & N_2) t ^= N_1 << ((N_1 << BigInt(j)) - N_1);
   }
   _SHA3_IOTA.push(t);
 }
-const IOTAS = split(_SHA3_IOTA, true);
+const IOTAS = /* @__PURE__ */ split(_SHA3_IOTA, true);
 const SHA3_IOTA_H = IOTAS[0];
 const SHA3_IOTA_L = IOTAS[1];