From e07a0c432ab2094c43b521e64c2b28055220483c Mon Sep 17 00:00:00 2001
From: larabr <7375870+larabr@users.noreply.github.com>
Date: Tue, 20 Jun 2023 13:44:23 +0200
Subject: [PATCH] Replace hash.js with noble-hashes

---
 package-lock.json                             |  1 -
 package.json                                  |  1 -
 src/crypto/hash/index.js                      | 37 ++++---------------
 src/crypto/public_key/elliptic/eddsa.js       |  4 +-
 .../public_key/elliptic/eddsa_legacy.js       |  4 +-
 5 files changed, 11 insertions(+), 36 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index b3eb3310..3047d644 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -38,7 +38,6 @@
         "eslint-plugin-chai-friendly": "^0.7.2",
         "eslint-plugin-import": "^2.27.5",
         "fflate": "^0.7.4",
-        "hash.js": "^1.1.3",
         "http-server": "^14.1.1",
         "karma": "^6.4.0",
         "karma-browserstack-launcher": "^1.6.0",
diff --git a/package.json b/package.json
index 5486f194..afae2ddd 100644
--- a/package.json
+++ b/package.json
@@ -88,7 +88,6 @@
     "eslint-plugin-chai-friendly": "^0.7.2",
     "eslint-plugin-import": "^2.27.5",
     "fflate": "^0.7.4",
-    "hash.js": "^1.1.3",
     "http-server": "^14.1.1",
     "karma": "^6.4.0",
     "karma-browserstack-launcher": "^1.6.0",
diff --git a/src/crypto/hash/index.js b/src/crypto/hash/index.js
index 50b66ad2..bdf6d60b 100644
--- a/src/crypto/hash/index.js
+++ b/src/crypto/hash/index.js
@@ -6,11 +6,9 @@
  */
 
 import { sha1 } from '@openpgp/noble-hashes/sha1';
-import { sha256 } from '@openpgp/noble-hashes/sha256';
-import sha224 from 'hash.js/lib/hash/sha/224';
-import sha384 from 'hash.js/lib/hash/sha/384';
-import sha512 from 'hash.js/lib/hash/sha/512';
-import { ripemd160 } from 'hash.js/lib/hash/ripemd';
+import { sha224, sha256 } from '@openpgp/noble-hashes/sha256';
+import { sha384, sha512 } from '@openpgp/noble-hashes/sha512';
+import { ripemd160 } from '@openpgp/noble-hashes/ripemd160';
 import * as stream from '@openpgp/web-stream-tools';
 import md5 from './md5';
 import util from '../../util';
@@ -32,21 +30,6 @@ function nodeHash(type) {
   };
 }
 
-function hashjsHash(hash, webCryptoHash) {
-  return async function(data) {
-    if (stream.isArrayStream(data)) {
-      data = await stream.readToEnd(data);
-    }
-    if (!util.isStream(data) && webCrypto && webCryptoHash) {
-      return new Uint8Array(await webCrypto.digest(webCryptoHash, data));
-    }
-    const hashInstance = hash();
-    return stream.transform(data, value => {
-      hashInstance.update(value);
-    }, () => new Uint8Array(hashInstance.digest()));
-  };
-}
-
 function nobleHash(hash, webCryptoHash) {
   return async function(data) {
     if (stream.isArrayStream(data)) {
@@ -68,28 +51,22 @@ function nobleHash(hash, webCryptoHash) {
 const hashFunctions = {
   md5: nodeHash('md5') || md5,
   sha1: nodeHash('sha1') || nobleHash(sha1, 'SHA-1'),
-  sha224: nodeHash('sha224') || hashjsHash(sha224),
+  sha224: nodeHash('sha224') || nobleHash(sha224),
   sha256: nodeHash('sha256') || nobleHash(sha256, 'SHA-256'),
-  sha384: nodeHash('sha384') || hashjsHash(sha384, 'SHA-384'),
-  sha512: nodeHash('sha512') || hashjsHash(sha512, 'SHA-512'), // asmcrypto sha512 is huge.
-  ripemd: nodeHash('ripemd160') || hashjsHash(ripemd160)
+  sha384: nodeHash('sha384') || nobleHash(sha384, 'SHA-384'),
+  sha512: nodeHash('sha512') || nobleHash(sha512, 'SHA-512'),
+  ripemd: nodeHash('ripemd160') || nobleHash(ripemd160)
 };
 
 export default {
 
   /** @see module:md5 */
   md5: hashFunctions.md5,
-  /** @see asmCrypto */
   sha1: hashFunctions.sha1,
-  /** @see hash.js */
   sha224: hashFunctions.sha224,
-  /** @see asmCrypto */
   sha256: hashFunctions.sha256,
-  /** @see hash.js */
   sha384: hashFunctions.sha384,
-  /** @see asmCrypto */
   sha512: hashFunctions.sha512,
-  /** @see hash.js */
   ripemd: hashFunctions.ripemd,
 
   /**
diff --git a/src/crypto/public_key/elliptic/eddsa.js b/src/crypto/public_key/elliptic/eddsa.js
index 413f967f..002f3f29 100644
--- a/src/crypto/public_key/elliptic/eddsa.js
+++ b/src/crypto/public_key/elliptic/eddsa.js
@@ -20,14 +20,14 @@
  * @module crypto/public_key/elliptic/eddsa
  */
 
-import sha512 from 'hash.js/lib/hash/sha/512';
+import { sha512 } from '@openpgp/noble-hashes/sha512';
 import nacl from '@openpgp/tweetnacl/nacl-fast-light';
 import util from '../../../util';
 import enums from '../../../enums';
 import hash from '../../hash';
 import { getRandomBytes } from '../../random';
 
-nacl.hash = bytes => new Uint8Array(sha512().update(bytes).digest());
+nacl.hash = bytes => sha512(bytes);
 
 /**
  * Generate (non-legacy) EdDSA key
diff --git a/src/crypto/public_key/elliptic/eddsa_legacy.js b/src/crypto/public_key/elliptic/eddsa_legacy.js
index 726d7ce0..3de09ba4 100644
--- a/src/crypto/public_key/elliptic/eddsa_legacy.js
+++ b/src/crypto/public_key/elliptic/eddsa_legacy.js
@@ -21,13 +21,13 @@
  * @module crypto/public_key/elliptic/eddsa_legacy
  */
 
-import sha512 from 'hash.js/lib/hash/sha/512';
+import { sha512 } from '@openpgp/noble-hashes/sha512';
 import nacl from '@openpgp/tweetnacl/nacl-fast-light';
 import util from '../../../util';
 import enums from '../../../enums';
 import hash from '../../hash';
 
-nacl.hash = bytes => new Uint8Array(sha512().update(bytes).digest());
+nacl.hash = bytes => sha512(bytes);
 
 /**
  * Sign a message using the provided legacy EdDSA key