refactor: normalize bigint literals and reuse common helpers (#714)

Author: dajiaji

packages/chacha20poly1305/src/chacha/_poly1305.ts

@@ -47,16 +47,16 @@ function u8to16(a: Uint8Array, i: number) {
 // function poly1305_small(msg: Uint8Array, key: Uint8Array): Uint8Array {
 //   abytes(msg);
 //   abytes(key, 32, "key");
-//   const POW_2_130_5 = BigInt(2) ** BigInt(130) - BigInt(5); // 2^130-5
-//   const POW_2_128_1 = BigInt(2) ** BigInt(128) - BigInt(1); // 2^128-1
-//   const CLAMP_R = BigInt("0x0ffffffc0ffffffc0ffffffc0fffffff");
+//   const POW_2_130_5 = 2n ** 130n - 5n; // 2^130-5
+//   const POW_2_128_1 = 2n ** 128n - 1n; // 2^128-1
+//   const CLAMP_R = 0x0ffffffc0ffffffc0ffffffc0fffffffn;
 //   const r = bytesToNumberLE(key.subarray(0, 16)) & CLAMP_R;
 //   const s = bytesToNumberLE(key.subarray(16));
 //   // Process by 16 byte chunks
-//   let acc = BigInt(0);
+//   let acc = 0n;
 //   for (let i = 0; i < msg.length; i += 16) {
 //     const m = msg.subarray(i, i + 16);
-//     const n = bytesToNumberLE(m) | (BigInt(1) << BigInt(8 * m.length));
+//     const n = bytesToNumberLE(m) | (1n << (8n * mLen)); // mLen: bigint
 //     acc = ((acc + n) * r) % POW_2_130_5;
 //   }
 //   const res = (acc + s) & POW_2_128_1;

packages/chacha20poly1305/src/chacha/utils.ts

@@ -11,6 +11,9 @@
  * Utilities for hex, bytes, CSPRNG.
  * @module
  */
+import { hexToNumber, numberToBigint } from "@hpke/common";
+
+export { hexToNumber };
 
 /** Checks if something is Uint8Array. Be careful: nodejs Buffer will return true. */
 export function isBytes(a: unknown): a is Uint8Array {
@@ -187,14 +190,6 @@ export function hexToBytes(hex: string): Uint8Array {
   return array;
 }
 
-// Used in micro
-export function hexToNumber(hex: string): bigint {
-  if (typeof hex !== "string") {
-    throw new Error("hex string expected, got " + typeof hex);
-  }
-  return BigInt(hex === "" ? "0" : "0x" + hex); // Big Endian
-}
-
 // Used in ff1
 // BE: Big Endian, LE: Little Endian
 export function bytesToNumberBE(bytes: Uint8Array): bigint {
@@ -472,8 +467,8 @@ export function u64Lengths(
   abool(isLE);
   const num = new Uint8Array(16);
   const view = createView(num);
-  view.setBigUint64(0, BigInt(aadLength), isLE);
-  view.setBigUint64(8, BigInt(dataLength), isLE);
+  view.setBigUint64(0, numberToBigint(aadLength), isLE);
+  view.setBigUint64(8, numberToBigint(dataLength), isLE);
   return num;
 }
 

packages/common/mod.ts

@@ -50,6 +50,7 @@ export {
   loadSubtleCrypto,
   xor,
 } from "./src/utils/misc.ts";
+export { hexToNumber, numberToBigint } from "./src/utils/noble.ts";
 
 export { hmac } from "./src/hash/hmac.ts";
 export { sha256, sha384, sha512 } from "./src/hash/sha2.ts";

packages/common/src/consts.ts

@@ -10,10 +10,22 @@ export const MINIMUM_PSK_LENGTH = 32;
 export const EMPTY: Uint8Array = /* @__PURE__ */ new Uint8Array(0);
 
 // Common BigInt constants
-export const N_0 = /* @__PURE__ */ BigInt(0);
-export const N_1 = /* @__PURE__ */ BigInt(1);
-export const N_2 = /* @__PURE__ */ BigInt(2);
-export const N_7 = /* @__PURE__ */ BigInt(7);
-export const N_32 = /* @__PURE__ */ BigInt(32);
-export const N_256 = /* @__PURE__ */ BigInt(256);
-export const N_0x71 = /* @__PURE__ */ BigInt(0x71);
+export const N_0 = 0n;
+export const N_1 = 1n;
+export const N_2 = 2n;
+export const N_7 = 7n;
+export const N_32 = 32n;
+export const N_256 = 256n;
+export const N_0x71 = 0x71n;
+
+export const BYTE_TO_BIGINT_256: readonly bigint[] = /* @__PURE__ */ (() => {
+  const out = new Array<bigint>(256);
+  let i = 0;
+  let value = 0n;
+  while (i < 256) {
+    out[i] = value;
+    i++;
+    value += 1n;
+  }
+  return out;
+})();

packages/common/src/curve/montgomery.ts

@@ -69,21 +69,19 @@ export function montgomery(curveDef: CurveType): MontgomeryECDH {
   if (!is25519 && type !== "x448") throw new Error("invalid type");
   const randomBytes_ = rand || randomBytesAsync;
 
-  const montgomeryBits = is25519 ? 255 : 448;
+  const montgomeryBits = is25519 ? 255n : 448n;
   const fieldLen = is25519 ? 32 : 56;
-  const Gu = is25519 ? BigInt(9) : BigInt(5);
+  const Gu = is25519 ? 9n : 5n;
   // RFC 7748 #5:
   // The constant a24 is (486662 - 2) / 4 = 121665 for curve25519/X25519 and
   // (156326 - 2) / 4 = 39081 for curve448/X448
   // const a = is25519 ? 156326n : 486662n;
-  const a24 = is25519 ? BigInt(121665) : BigInt(39081);
+  const a24 = is25519 ? 121665n : 39081n;
   // RFC: x25519 "the resulting integer is of the form 2^254 plus
   // eight times a value between 0 and 2^251 - 1 (inclusive)"
   // x448: "2^447 plus four times a value between 0 and 2^445 - 1 (inclusive)"
-  const minScalar = is25519 ? N_2 ** BigInt(254) : N_2 ** BigInt(447);
-  const maxAdded = is25519
-    ? BigInt(8) * N_2 ** BigInt(251) - N_1
-    : BigInt(4) * N_2 ** BigInt(445) - N_1;
+  const minScalar = is25519 ? N_2 ** 254n : N_2 ** 447n;
+  const maxAdded = is25519 ? 8n * N_2 ** 251n - N_1 : 4n * N_2 ** 445n - N_1;
   const maxScalar = minScalar + maxAdded + N_1; // (inclusive)
   const modP = (n: bigint) => mod(n, P);
   const GuBytes = encodeU(Gu);
@@ -152,7 +150,7 @@ export function montgomery(curveDef: CurveType): MontgomeryECDH {
     let x_3 = u;
     let z_3 = N_1;
     let swap = N_0;
-    for (let t = BigInt(montgomeryBits - 1); t >= N_0; t--) {
+    for (let t = montgomeryBits - 1n; t >= N_0; t--) {
       const k_t = (k >> t) & N_1;
       swap ^= k_t;
       ({ x_2, x_3 } = cswap(swap, x_2, x_3));

packages/common/src/hash/md.ts

@@ -11,7 +11,14 @@
  * Internal Merkle-Damgard hash utils.
  * @module
  */
-import { abytes, aexists, aoutput, clean, createView } from "../utils/noble.ts";
+import {
+  abytes,
+  aexists,
+  aoutput,
+  clean,
+  createView,
+  numberToBigint,
+} from "../utils/noble.ts";
 import type { Hash } from "./hash.ts";
 
 /** Choice: a ? b : c */
@@ -111,7 +118,7 @@ export abstract class HashMD<T extends HashMD<T>> implements Hash<T> {
     // Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that
     // You need to write around 2 exabytes (u64_max / 8 / (1024**6)) for this to happen.
     // So we just write lowest 64 bits of that value.
-    view.setBigUint64(blockLen - 8, BigInt(this.length * 8), isLE);
+    view.setBigUint64(blockLen - 8, numberToBigint(this.length * 8), isLE);
     this.process(view, 0);
     const oview = createView(out);
     const len = this.outputLen;

packages/common/src/hash/sha2.ts

@@ -211,87 +211,87 @@ export class _SHA256 extends SHA2_32B<_SHA256> {
 // First 32 bits of the fractional parts of the cube roots of the first 80 primes 2..409
 const K512 = /* @__PURE__ */ (() =>
   u64.split([
-    "0x428a2f98d728ae22",
-    "0x7137449123ef65cd",
-    "0xb5c0fbcfec4d3b2f",
-    "0xe9b5dba58189dbbc",
-    "0x3956c25bf348b538",
-    "0x59f111f1b605d019",
-    "0x923f82a4af194f9b",
-    "0xab1c5ed5da6d8118",
-    "0xd807aa98a3030242",
-    "0x12835b0145706fbe",
-    "0x243185be4ee4b28c",
-    "0x550c7dc3d5ffb4e2",
-    "0x72be5d74f27b896f",
-    "0x80deb1fe3b1696b1",
-    "0x9bdc06a725c71235",
-    "0xc19bf174cf692694",
-    "0xe49b69c19ef14ad2",
-    "0xefbe4786384f25e3",
-    "0x0fc19dc68b8cd5b5",
-    "0x240ca1cc77ac9c65",
-    "0x2de92c6f592b0275",
-    "0x4a7484aa6ea6e483",
-    "0x5cb0a9dcbd41fbd4",
-    "0x76f988da831153b5",
-    "0x983e5152ee66dfab",
-    "0xa831c66d2db43210",
-    "0xb00327c898fb213f",
-    "0xbf597fc7beef0ee4",
-    "0xc6e00bf33da88fc2",
-    "0xd5a79147930aa725",
-    "0x06ca6351e003826f",
-    "0x142929670a0e6e70",
-    "0x27b70a8546d22ffc",
-    "0x2e1b21385c26c926",
-    "0x4d2c6dfc5ac42aed",
-    "0x53380d139d95b3df",
-    "0x650a73548baf63de",
-    "0x766a0abb3c77b2a8",
-    "0x81c2c92e47edaee6",
-    "0x92722c851482353b",
-    "0xa2bfe8a14cf10364",
-    "0xa81a664bbc423001",
-    "0xc24b8b70d0f89791",
-    "0xc76c51a30654be30",
-    "0xd192e819d6ef5218",
-    "0xd69906245565a910",
-    "0xf40e35855771202a",
-    "0x106aa07032bbd1b8",
-    "0x19a4c116b8d2d0c8",
-    "0x1e376c085141ab53",
-    "0x2748774cdf8eeb99",
-    "0x34b0bcb5e19b48a8",
-    "0x391c0cb3c5c95a63",
-    "0x4ed8aa4ae3418acb",
-    "0x5b9cca4f7763e373",
-    "0x682e6ff3d6b2b8a3",
-    "0x748f82ee5defb2fc",
-    "0x78a5636f43172f60",
-    "0x84c87814a1f0ab72",
-    "0x8cc702081a6439ec",
-    "0x90befffa23631e28",
-    "0xa4506cebde82bde9",
-    "0xbef9a3f7b2c67915",
-    "0xc67178f2e372532b",
-    "0xca273eceea26619c",
-    "0xd186b8c721c0c207",
-    "0xeada7dd6cde0eb1e",
-    "0xf57d4f7fee6ed178",
-    "0x06f067aa72176fba",
-    "0x0a637dc5a2c898a6",
-    "0x113f9804bef90dae",
-    "0x1b710b35131c471b",
-    "0x28db77f523047d84",
-    "0x32caab7b40c72493",
-    "0x3c9ebe0a15c9bebc",
-    "0x431d67c49c100d4c",
-    "0x4cc5d4becb3e42b6",
-    "0x597f299cfc657e2a",
-    "0x5fcb6fab3ad6faec",
-    "0x6c44198c4a475817",
-  ].map((n) => BigInt(n))))();
+    0x428a2f98d728ae22n,
+    0x7137449123ef65cdn,
+    0xb5c0fbcfec4d3b2fn,
+    0xe9b5dba58189dbbcn,
+    0x3956c25bf348b538n,
+    0x59f111f1b605d019n,
+    0x923f82a4af194f9bn,
+    0xab1c5ed5da6d8118n,
+    0xd807aa98a3030242n,
+    0x12835b0145706fben,
+    0x243185be4ee4b28cn,
+    0x550c7dc3d5ffb4e2n,
+    0x72be5d74f27b896fn,
+    0x80deb1fe3b1696b1n,
+    0x9bdc06a725c71235n,
+    0xc19bf174cf692694n,
+    0xe49b69c19ef14ad2n,
+    0xefbe4786384f25e3n,
+    0x0fc19dc68b8cd5b5n,
+    0x240ca1cc77ac9c65n,
+    0x2de92c6f592b0275n,
+    0x4a7484aa6ea6e483n,
+    0x5cb0a9dcbd41fbd4n,
+    0x76f988da831153b5n,
+    0x983e5152ee66dfabn,
+    0xa831c66d2db43210n,
+    0xb00327c898fb213fn,
+    0xbf597fc7beef0ee4n,
+    0xc6e00bf33da88fc2n,
+    0xd5a79147930aa725n,
+    0x06ca6351e003826fn,
+    0x142929670a0e6e70n,
+    0x27b70a8546d22ffcn,
+    0x2e1b21385c26c926n,
+    0x4d2c6dfc5ac42aedn,
+    0x53380d139d95b3dfn,
+    0x650a73548baf63den,
+    0x766a0abb3c77b2a8n,
+    0x81c2c92e47edaee6n,
+    0x92722c851482353bn,
+    0xa2bfe8a14cf10364n,
+    0xa81a664bbc423001n,
+    0xc24b8b70d0f89791n,
+    0xc76c51a30654be30n,
+    0xd192e819d6ef5218n,
+    0xd69906245565a910n,
+    0xf40e35855771202an,
+    0x106aa07032bbd1b8n,
+    0x19a4c116b8d2d0c8n,
+    0x1e376c085141ab53n,
+    0x2748774cdf8eeb99n,
+    0x34b0bcb5e19b48a8n,
+    0x391c0cb3c5c95a63n,
+    0x4ed8aa4ae3418acbn,
+    0x5b9cca4f7763e373n,
+    0x682e6ff3d6b2b8a3n,
+    0x748f82ee5defb2fcn,
+    0x78a5636f43172f60n,
+    0x84c87814a1f0ab72n,
+    0x8cc702081a6439ecn,
+    0x90befffa23631e28n,
+    0xa4506cebde82bde9n,
+    0xbef9a3f7b2c67915n,
+    0xc67178f2e372532bn,
+    0xca273eceea26619cn,
+    0xd186b8c721c0c207n,
+    0xeada7dd6cde0eb1en,
+    0xf57d4f7fee6ed178n,
+    0x06f067aa72176fban,
+    0x0a637dc5a2c898a6n,
+    0x113f9804bef90daen,
+    0x1b710b35131c471bn,
+    0x28db77f523047d84n,
+    0x32caab7b40c72493n,
+    0x3c9ebe0a15c9bebcn,
+    0x431d67c49c100d4cn,
+    0x4cc5d4becb3e42b6n,
+    0x597f299cfc657e2an,
+    0x5fcb6fab3ad6faecn,
+    0x6c44198c4a475817n,
+  ]))();
 const SHA512_Kh = /* @__PURE__ */ (() => K512[0])();
 const SHA512_Kl = /* @__PURE__ */ (() => K512[1])();
 

packages/common/src/hash/sha3.ts

@@ -53,9 +53,9 @@ for (let round = 0, R = N_1, x = 1, y = 0; round < 24; round++) {
   SHA3_ROTL.push((((round + 1) * (round + 2)) / 2) % 64);
   // Iota
   let t = N_0;
-  for (let j = 0; j < 7; j++) {
+  for (let j = 0n; j < 7n; j++) {
     R = ((R << N_1) ^ ((R >> N_7) * N_0x71)) % N_256;
-    if (R & N_2) t ^= N_1 << ((N_1 << BigInt(j)) - N_1);
+    if (R & N_2) t ^= N_1 << ((N_1 << j) - N_1);
   }
   _SHA3_IOTA.push(t);
 }

packages/common/src/hash/u64.ts

@@ -11,9 +11,17 @@
  * @todo re-check https://issues.chromium.org/issues/42212588
  * @module
  */
-import { N_32 } from "../consts.ts";
+import { BYTE_TO_BIGINT_256, N_32 } from "../consts.ts";
 
-const U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1);
+const U32_MASK64 = 0xffff_ffffn;
+
+function u32ToBig(n: number): bigint {
+  const u = n >>> 0;
+  return (BYTE_TO_BIGINT_256[(u >>> 24) & 0xff] << 24n) |
+    (BYTE_TO_BIGINT_256[(u >>> 16) & 0xff] << 16n) |
+    (BYTE_TO_BIGINT_256[(u >>> 8) & 0xff] << 8n) |
+    BYTE_TO_BIGINT_256[u & 0xff];
+}
 
 function fromBig(
   n: bigint,
@@ -43,7 +51,7 @@ function split(lst: bigint[], le = false): Uint32Array[] {
 }
 
 const toBig = (h: number, l: number): bigint =>
-  (BigInt(h >>> 0) << N_32) | BigInt(l >>> 0);
+  (u32ToBig(h) << N_32) | u32ToBig(l);
 // for Shift in [0, 32)
 const shrSH = (h: number, _l: number, s: number): number => h >>> s;
 const shrSL = (h: number, l: number, s: number): number =>