When dealing with cryptographic secrets (private keys, passwords, etc) it is desirable to not run these secrets through functions that do not run in constant time, in order to avoid the potential for side channel attacks. An example of this would be the encoding a Unicode string into bytes to be used as an input for a KDF.
In browser-based JavaScript, the API for encoding to UTF-8 is TextEncoder. However, the API gives no guarantees about the runtime characteristics of the function. I would assume that a general-purpose implementation will be optimized for performance, and will take any shortcuts that it can, thus influencing the runtime based on the input. Additionally, because UTF-8 generates variable-byte-length outputs depending on the codepoints used in the string, this looks like something that cannot be easily implemented in constant time at all, correct?
Thus, when encoding a password to bytes, to be used as input for a KDF, would it be preferrable and safe to encode to UTF-16 (the character encoding used internally by JavaScript) by calling charCodeAt(i) for every i between 0 and inputString.length? This should result in exactly 2*inputString.length bytes and its runtime should not be dependent on the contents of the string (unless I'm overlooking something).
function pwToBytes(pw: string): Uint16Array {
const buf = new ArrayBuffer(pw.length * 2);
const view = new Uint16Array(buf);
const length = pw.length;
for (let i=0; i < length; i++) {
view[i] = pw.charCodeAt(i);
}
return view;
}
