hash padding

Author: jackielu3

CHANGELOG.md

@@ -189,6 +189,19 @@ All notable changes to this project will be documented in this file. The format
 ### Security
 ---
 
+### [1.9.18] - 2025-12-02
+
+### Added
+
+- Added checks for messages that are too long for the hash function.
+
+### Changed
+
+- Changed the Hash class to use BigInt for padding.
+- Changed the way padding is calculated for big endian and little endian.
+
+---
+
 ### [1.9.17] - 2025-12-01
 
 ### Added

src/primitives/Hash.ts

@@ -168,48 +168,42 @@ abstract class BaseHash {
    * @returns Returns an array denoting the padding.
    */
   private _pad (): number[] {
-    //
-    let len = this.pendingTotal
+    const len = this.pendingTotal
     const bytes = this._delta8
     const k = bytes - ((len + this.padLength) % bytes)
     const res = new Array(k + this.padLength)
     res[0] = 0x80
-    let i
+    let i: number
     for (i = 1; i < k; i++) {
       res[i] = 0
     }
 
     // Append length
-    len <<= 3
-    let t
+    const maxBits = 1n << BigInt(this.padLength * 8)
+    let totalBits = BigInt(len) * 8n
+
+    if (totalBits >= maxBits) {
+      throw new Error('Message too long for this hash function')
+    }
+
+    const lengthBytes = this.padLength
     if (this.endian === 'big') {
-      for (t = 8; t < this.padLength; t++) {
-        res[i++] = 0
+      const lenArray = new Array<number>(lengthBytes)
+
+      for (let b = lengthBytes - 1; b >= 0; b--) {
+        lenArray[b] = Number(totalBits & 0xffn)
+        totalBits >>= 8n
       }
 
-      res[i++] = 0
-      res[i++] = 0
-      res[i++] = 0
-      res[i++] = 0
-      res[i++] = (len >>> 24) & 0xff
-      res[i++] = (len >>> 16) & 0xff
-      res[i++] = (len >>> 8) & 0xff
-      res[i++] = len & 0xff
+      for (let b = 0; b < lengthBytes; b++) {
+        res[i++] = lenArray[b]
+      }
     } else {
-      res[i++] = len & 0xff
-      res[i++] = (len >>> 8) & 0xff
-      res[i++] = (len >>> 16) & 0xff
-      res[i++] = (len >>> 24) & 0xff
-      res[i++] = 0
-      res[i++] = 0
-      res[i++] = 0
-      res[i++] = 0
-
-      for (t = 8; t < this.padLength; t++) {
-        res[i++] = 0
+      for (let b = 0; b < lengthBytes; b++) {
+        res[i++] = Number(totalBits & 0xffn)
+        totalBits >>= 8n
       }
     }
-
     return res
   }
 }

src/primitives/__tests/Hash.test.ts

@@ -101,6 +101,54 @@ describe('Hash', function () {
     )
   })
 
+  describe('BaseHash padding and endianness', () => {
+    it('encodes length in big-endian for SHA1', () => {
+      const sha1 = new (hash as any).SHA1()
+      ;(sha1 as any).pendingTotal = 12345
+      const pad = (sha1 as any)._pad() as number[]
+      const padLength = (sha1 as any).padLength as number
+      const lengthBytes = pad.slice(-padLength)
+
+      const totalBits = BigInt(12345) * 8n
+      const expected = new Array<number>(padLength)
+      let tmp = totalBits
+      for (let i = padLength - 1; i >= 0; i--) {
+        expected[i] = Number(tmp & 0xffn)
+        tmp >>= 8n
+      }
+
+      expect(lengthBytes).toEqual(expected)
+    })
+
+    it('encodes length in little-endian for RIPEMD160', () => {
+      const ripemd = new (hash as any).RIPEMD160()
+      ;(ripemd as any).pendingTotal = 12345
+      const pad = (ripemd as any)._pad() as number[]
+      const padLength = (ripemd as any).padLength as number
+      const lengthBytes = pad.slice(-padLength)
+
+      const totalBits = BigInt(12345) * 8n
+      const expected = new Array<number>(padLength)
+      let tmp = totalBits
+      for (let i = 0; i < padLength; i++) {
+        expected[i] = Number(tmp & 0xffn)
+        tmp >>= 8n
+      }
+
+      expect(lengthBytes).toEqual(expected)
+    })
+
+    it('throws when message length exceeds maximum encodable bits', () => {
+      const sha1 = new (hash as any).SHA1()
+      ;(sha1 as any).padLength = 1
+      ;(sha1 as any).pendingTotal = 40
+
+      expect(() => {
+        ;(sha1 as any)._pad()
+      }).toThrow(new Error('Message too long for this hash function'))
+    })
+  })
+
   describe('PBKDF2 vectors', () => {
     for (let i = 0; i < PBKDF2Vectors.length; i++) {
       const v = PBKDF2Vectors[i]