Use u64Lengths util.

Author: paulmillr

src/_micro.ts

@@ -13,11 +13,10 @@ import {
   type XorStream,
   bytesToHex,
   concatBytes,
-  createView,
   equalBytes,
   hexToNumber,
   numberToBytesBE,
-  setBigUint64,
+  u64Lengths,
   wrapCipher,
 } from './utils.ts';
 
@@ -235,12 +234,7 @@ function computeTag(
   res.push(ciphertext);
   const leftover = ciphertext.length % 16;
   if (leftover > 0) res.push(new Uint8Array(16 - leftover));
-  // Lengths
-  const num = new Uint8Array(16);
-  const view = createView(num);
-  setBigUint64(view, 0, BigInt(AAD ? AAD.length : 0), true);
-  setBigUint64(view, 8, BigInt(ciphertext.length), true);
-  res.push(num);
+  res.push(u64Lengths(ciphertext.length, AAD ? AAD.length : 0, true));
   const authKey = fn(key, nonce, new Uint8Array(32));
   return poly1305(concatBytes(...res), authKey);
 }

src/_polyval.ts

@@ -189,6 +189,7 @@ class GHASH implements Hash<GHASH> {
 class Polyval extends GHASH {
   constructor(key: Input, expectedLength?: number) {
     key = toBytes(key);
+    abytes(key);
     const ghKey = _toGHASHKey(copyBytes(key));
     super(ghKey, expectedLength);
     clean(ghKey);

src/aes.ts

@@ -30,6 +30,7 @@ import {
   overlapBytes,
   setBigUint64,
   u32,
+  u64Lengths,
   u8,
   wrapCipher,
 } from './utils.ts';
@@ -590,14 +591,11 @@ function computeTag(
   data: Uint8Array,
   AAD?: Uint8Array
 ) {
-  const aadLength = AAD == null ? 0 : AAD.length;
+  const aadLength = AAD ? AAD.length : 0;
   const h = fn.create(key, data.length + aadLength);
   if (AAD) h.update(AAD);
+  const num = u64Lengths(8 * data.length, 8 * aadLength, isLE);
   h.update(data);
-  const num = new Uint8Array(16);
-  const view = createView(num);
-  if (AAD) setBigUint64(view, 0, BigInt(aadLength * 8), isLE);
-  setBigUint64(view, 8, BigInt(data.length * 8), isLE);
   h.update(num);
   const res = h.digest();
   clean(num);

���src/chacha.ts

@@ -19,10 +19,9 @@ import {
   type CipherWithOutput,
   type XorStream,
   clean,
-  createView,
   equalBytes,
   getOutput,
-  setBigUint64,
+  u64Lengths,
   wrapCipher,
 } from './utils.ts';
 
@@ -223,10 +222,7 @@ function computeTag(
   const h = poly1305.create(authKey);
   if (AAD) updatePadded(h, AAD);
   updatePadded(h, data);
-  const num = new Uint8Array(16);
-  const view = createView(num);
-  setBigUint64(view, 0, BigInt(AAD ? AAD.length : 0), true);
-  setBigUint64(view, 8, BigInt(data.length), true);
+  const num = u64Lengths(data.length, AAD ? AAD.length : 0, true);
   h.update(num);
   const res = h.digest();
   clean(authKey, num);

src/ff1.ts

@@ -45,7 +45,7 @@ function getRound(radix: number, key: Uint8Array, tweak: Uint8Array, x: number[]
   const d = 4 * Math.ceil(b / 4) + 4;
   const padding = mod(-tweak.length - b - 1, 16);
   // P = [1]1 || [2]1 || [1]1 || [radix]3 || [10]1 || [u mod 256]1 || [n]4 || [t]4.
-  const P = new Uint8Array([1, 2, 1, 0, 0, 0, 10, u, 0, 0, 0, 0, 0, 0, 0, 0]);
+  const P = Uint8Array.from([1, 2, 1, 0, 0, 0, 10, u, 0, 0, 0, 0, 0, 0, 0, 0]);
   const view = new DataView(P.buffer);
   view.setUint16(4, radix, false);
   view.setUint32(8, x.length, false);
@@ -93,7 +93,7 @@ function getRound(radix: number, key: Uint8Array, tweak: Uint8Array, x: number[]
   return { u, round, destroy };
 }
 
-const EMPTY_BUF = new Uint8Array([]);
+const EMPTY_BUF = /* @__PURE__ */ Uint8Array.of();
 
 /** FPE-FF1 format-preserving encryption */
 export function FF1(

src/utils.ts

@@ -433,12 +433,12 @@ export function setBigUint64(
   view.setUint32(byteOffset + l, wl, isLE);
 }
 
-// TODO: unused anywhere
-export function u64Lengths(ciphertext: Uint8Array, AAD?: Uint8Array): Uint8Array {
+export function u64Lengths(dataLength: number, aadLength: number, isLE: boolean): Uint8Array {
+  abool(isLE);
   const num = new Uint8Array(16);
   const view = createView(num);
-  setBigUint64(view, 0, BigInt(AAD ? AAD.length : 0), true);
-  setBigUint64(view, 8, BigInt(ciphertext.length), true);
+  setBigUint64(view, 0, BigInt(aadLength), isLE);
+  setBigUint64(view, 8, BigInt(dataLength), isLE);
   return num;
 }
 

test/utils.test.js

@@ -1,20 +1,20 @@
-import { deepStrictEqual, throws } from 'node:assert';
 import fc from 'fast-check';
 import { describe, should } from 'micro-should';
-import { TYPE_TEST, unalign } from './utils.js';
+import { deepStrictEqual, throws } from 'node:assert';
 import * as assert from '../esm/_assert.js';
 import {
-  createView,
   bytesToHex,
+  bytesToUtf8,
   concatBytes,
+  createView,
+  getOutput,
   hexToBytes,
   overlapBytes,
-  toBytes,
-  bytesToUtf8,
-  getOutput,
   setBigUint64,
+  toBytes,
   u64Lengths,
 } from '../esm/utils.js';
+import { TYPE_TEST, unalign } from './utils.js';
 
 describe('utils', () => {
   const staticHexVectors = [
@@ -188,9 +188,12 @@ describe('utils', () => {
     }
   });
   should('u64Lengths', () => {
-    deepStrictEqual(bytesToHex(u64Lengths(new Uint8Array(10))), '00000000000000000a00000000000000');
     deepStrictEqual(
-      bytesToHex(u64Lengths(new Uint8Array(10), new Uint8Array(7))),
+      bytesToHex(u64Lengths(new Uint8Array(10).length, 0, true)),
+      '00000000000000000a00000000000000'
+    );
+    deepStrictEqual(
+      bytesToHex(u64Lengths(new Uint8Array(10).length, new Uint8Array(7).length, true)),
       '07000000000000000a00000000000000'
     );
   });