import blake2b from 'blake2b'\r
\r
'use strict';\r
- \r
+\r
// Ported in 2014 by Dmitry Chestnykh and Devi Mandiri.\r
// Public domain.\r
//\r
// cryptocurrency.\r
// See for details: https://docs.nano.org/integration-guides/the-basics/\r
// Original source commit: https://github.com/dchest/tweetnacl-js/blob/71df1d6a1d78236ca3e9f6c788786e21f5a651a6/nacl-fast.js\r
- \r
+\r
var gf = function(init?: any) {\r
var i, r = new Float64Array(16);\r
if (init) for (i = 0; i < init.length; i++) r[i] = init[i];\r
return r;\r
};\r
- \r
+\r
// Pluggable, initialized in high-level API below.\r
var randombytes = function(/* x, n */) { throw new Error('no PRNG'); };\r
- \r
+\r
var _0 = new Uint8Array(16);\r
var _9 = new Uint8Array(32); _9[0] = 9;\r
- \r
+\r
var gf0 = gf(),\r
gf1 = gf([1]),\r
_121665 = gf([0xdb41, 1]),\r
X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]),\r
Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]),\r
I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]);\r
- \r
+\r
function ts64(x, i, h, l) {\r
x[i] = (h >> 24) & 0xff;\r
x[i+1] = (h >> 16) & 0xff;\r
x[i+6] = (l >> 8) & 0xff;\r
x[i+7] = l & 0xff;\r
}\r
- \r
+\r
function vn(x, xi, y, yi, n) {\r
var i,d = 0;\r
for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i];\r
return (1 & ((d - 1) >>> 8)) - 1;\r
}\r
- \r
+\r
function crypto_verify_16(x, xi, y, yi) {\r
return vn(x,xi,y,yi,16);\r
}\r
- \r
+\r
function crypto_verify_32(x, xi, y, yi) {\r
return vn(x,xi,y,yi,32);\r
}\r
- \r
+\r
function core_salsa20(o, p, k, c) {\r
var j0 = c[ 0] & 0xff | (c[ 1] & 0xff)<<8 | (c[ 2] & 0xff)<<16 | (c[ 3] & 0xff)<<24,\r
j1 = k[ 0] & 0xff | (k[ 1] & 0xff)<<8 | (k[ 2] & 0xff)<<16 | (k[ 3] & 0xff)<<24,\r
j13 = k[24] & 0xff | (k[25] & 0xff)<<8 | (k[26] & 0xff)<<16 | (k[27] & 0xff)<<24,\r
j14 = k[28] & 0xff | (k[29] & 0xff)<<8 | (k[30] & 0xff)<<16 | (k[31] & 0xff)<<24,\r
j15 = c[12] & 0xff | (c[13] & 0xff)<<8 | (c[14] & 0xff)<<16 | (c[15] & 0xff)<<24;\r
- \r
+\r
var x0 = j0, x1 = j1, x2 = j2, x3 = j3, x4 = j4, x5 = j5, x6 = j6, x7 = j7,\r
x8 = j8, x9 = j9, x10 = j10, x11 = j11, x12 = j12, x13 = j13, x14 = j14,\r
x15 = j15, u;\r
- \r
+\r
for (var i = 0; i < 20; i += 2) {\r
u = x0 + x12 | 0;\r
x4 ^= u<<7 | u>>>(32-7);\r
x12 ^= u<<13 | u>>>(32-13);\r
u = x12 + x8 | 0;\r
x0 ^= u<<18 | u>>>(32-18);\r
- \r
+\r
u = x5 + x1 | 0;\r
x9 ^= u<<7 | u>>>(32-7);\r
u = x9 + x5 | 0;\r
x1 ^= u<<13 | u>>>(32-13);\r
u = x1 + x13 | 0;\r
x5 ^= u<<18 | u>>>(32-18);\r
- \r
+\r
u = x10 + x6 | 0;\r
x14 ^= u<<7 | u>>>(32-7);\r
u = x14 + x10 | 0;\r
x6 ^= u<<13 | u>>>(32-13);\r
u = x6 + x2 | 0;\r
x10 ^= u<<18 | u>>>(32-18);\r
- \r
+\r
u = x15 + x11 | 0;\r
x3 ^= u<<7 | u>>>(32-7);\r
u = x3 + x15 | 0;\r
x11 ^= u<<13 | u>>>(32-13);\r
u = x11 + x7 | 0;\r
x15 ^= u<<18 | u>>>(32-18);\r
- \r
+\r
u = x0 + x3 | 0;\r
x1 ^= u<<7 | u>>>(32-7);\r
u = x1 + x0 | 0;\r
x3 ^= u<<13 | u>>>(32-13);\r
u = x3 + x2 | 0;\r
x0 ^= u<<18 | u>>>(32-18);\r
- \r
+\r
u = x5 + x4 | 0;\r
x6 ^= u<<7 | u>>>(32-7);\r
u = x6 + x5 | 0;\r
x4 ^= u<<13 | u>>>(32-13);\r
u = x4 + x7 | 0;\r
x5 ^= u<<18 | u>>>(32-18);\r
- \r
+\r
u = x10 + x9 | 0;\r
x11 ^= u<<7 | u>>>(32-7);\r
u = x11 + x10 | 0;\r
x9 ^= u<<13 | u>>>(32-13);\r
u = x9 + x8 | 0;\r
x10 ^= u<<18 | u>>>(32-18);\r
- \r
+\r
u = x15 + x14 | 0;\r
x12 ^= u<<7 | u>>>(32-7);\r
u = x12 + x15 | 0;\r
x13 = x13 + j13 | 0;\r
x14 = x14 + j14 | 0;\r
x15 = x15 + j15 | 0;\r
- \r
+\r
o[ 0] = x0 >>> 0 & 0xff;\r
o[ 1] = x0 >>> 8 & 0xff;\r
o[ 2] = x0 >>> 16 & 0xff;\r
o[ 3] = x0 >>> 24 & 0xff;\r
- \r
+\r
o[ 4] = x1 >>> 0 & 0xff;\r
o[ 5] = x1 >>> 8 & 0xff;\r
o[ 6] = x1 >>> 16 & 0xff;\r
o[ 7] = x1 >>> 24 & 0xff;\r
- \r
+\r
o[ 8] = x2 >>> 0 & 0xff;\r
o[ 9] = x2 >>> 8 & 0xff;\r
o[10] = x2 >>> 16 & 0xff;\r
o[11] = x2 >>> 24 & 0xff;\r
- \r
+\r
o[12] = x3 >>> 0 & 0xff;\r
o[13] = x3 >>> 8 & 0xff;\r
o[14] = x3 >>> 16 & 0xff;\r
o[15] = x3 >>> 24 & 0xff;\r
- \r
+\r
o[16] = x4 >>> 0 & 0xff;\r
o[17] = x4 >>> 8 & 0xff;\r
o[18] = x4 >>> 16 & 0xff;\r
o[19] = x4 >>> 24 & 0xff;\r
- \r
+\r
o[20] = x5 >>> 0 & 0xff;\r
o[21] = x5 >>> 8 & 0xff;\r
o[22] = x5 >>> 16 & 0xff;\r
o[23] = x5 >>> 24 & 0xff;\r
- \r
+\r
o[24] = x6 >>> 0 & 0xff;\r
o[25] = x6 >>> 8 & 0xff;\r
o[26] = x6 >>> 16 & 0xff;\r
o[27] = x6 >>> 24 & 0xff;\r
- \r
+\r
o[28] = x7 >>> 0 & 0xff;\r
o[29] = x7 >>> 8 & 0xff;\r
o[30] = x7 >>> 16 & 0xff;\r
o[31] = x7 >>> 24 & 0xff;\r
- \r
+\r
o[32] = x8 >>> 0 & 0xff;\r
o[33] = x8 >>> 8 & 0xff;\r
o[34] = x8 >>> 16 & 0xff;\r
o[35] = x8 >>> 24 & 0xff;\r
- \r
+\r
o[36] = x9 >>> 0 & 0xff;\r
o[37] = x9 >>> 8 & 0xff;\r
o[38] = x9 >>> 16 & 0xff;\r
o[39] = x9 >>> 24 & 0xff;\r
- \r
+\r
o[40] = x10 >>> 0 & 0xff;\r
o[41] = x10 >>> 8 & 0xff;\r
o[42] = x10 >>> 16 & 0xff;\r
o[43] = x10 >>> 24 & 0xff;\r
- \r
+\r
o[44] = x11 >>> 0 & 0xff;\r
o[45] = x11 >>> 8 & 0xff;\r
o[46] = x11 >>> 16 & 0xff;\r
o[47] = x11 >>> 24 & 0xff;\r
- \r
+\r
o[48] = x12 >>> 0 & 0xff;\r
o[49] = x12 >>> 8 & 0xff;\r
o[50] = x12 >>> 16 & 0xff;\r
o[51] = x12 >>> 24 & 0xff;\r
- \r
+\r
o[52] = x13 >>> 0 & 0xff;\r
o[53] = x13 >>> 8 & 0xff;\r
o[54] = x13 >>> 16 & 0xff;\r
o[55] = x13 >>> 24 & 0xff;\r
- \r
+\r
o[56] = x14 >>> 0 & 0xff;\r
o[57] = x14 >>> 8 & 0xff;\r
o[58] = x14 >>> 16 & 0xff;\r
o[59] = x14 >>> 24 & 0xff;\r
- \r
+\r
o[60] = x15 >>> 0 & 0xff;\r
o[61] = x15 >>> 8 & 0xff;\r
o[62] = x15 >>> 16 & 0xff;\r
o[63] = x15 >>> 24 & 0xff;\r
}\r
- \r
+\r
function core_hsalsa20(o,p,k,c) {\r
var j0 = c[ 0] & 0xff | (c[ 1] & 0xff)<<8 | (c[ 2] & 0xff)<<16 | (c[ 3] & 0xff)<<24,\r
j1 = k[ 0] & 0xff | (k[ 1] & 0xff)<<8 | (k[ 2] & 0xff)<<16 | (k[ 3] & 0xff)<<24,\r
j13 = k[24] & 0xff | (k[25] & 0xff)<<8 | (k[26] & 0xff)<<16 | (k[27] & 0xff)<<24,\r
j14 = k[28] & 0xff | (k[29] & 0xff)<<8 | (k[30] & 0xff)<<16 | (k[31] & 0xff)<<24,\r
j15 = c[12] & 0xff | (c[13] & 0xff)<<8 | (c[14] & 0xff)<<16 | (c[15] & 0xff)<<24;\r
- \r
+\r
var x0 = j0, x1 = j1, x2 = j2, x3 = j3, x4 = j4, x5 = j5, x6 = j6, x7 = j7,\r
x8 = j8, x9 = j9, x10 = j10, x11 = j11, x12 = j12, x13 = j13, x14 = j14,\r
x15 = j15, u;\r
- \r
+\r
for (var i = 0; i < 20; i += 2) {\r
u = x0 + x12 | 0;\r
x4 ^= u<<7 | u>>>(32-7);\r
x12 ^= u<<13 | u>>>(32-13);\r
u = x12 + x8 | 0;\r
x0 ^= u<<18 | u>>>(32-18);\r
- \r
+\r
u = x5 + x1 | 0;\r
x9 ^= u<<7 | u>>>(32-7);\r
u = x9 + x5 | 0;\r
x1 ^= u<<13 | u>>>(32-13);\r
u = x1 + x13 | 0;\r
x5 ^= u<<18 | u>>>(32-18);\r
- \r
+\r
u = x10 + x6 | 0;\r
x14 ^= u<<7 | u>>>(32-7);\r
u = x14 + x10 | 0;\r
x6 ^= u<<13 | u>>>(32-13);\r
u = x6 + x2 | 0;\r
x10 ^= u<<18 | u>>>(32-18);\r
- \r
+\r
u = x15 + x11 | 0;\r
x3 ^= u<<7 | u>>>(32-7);\r
u = x3 + x15 | 0;\r
x11 ^= u<<13 | u>>>(32-13);\r
u = x11 + x7 | 0;\r
x15 ^= u<<18 | u>>>(32-18);\r
- \r
+\r
u = x0 + x3 | 0;\r
x1 ^= u<<7 | u>>>(32-7);\r
u = x1 + x0 | 0;\r
x3 ^= u<<13 | u>>>(32-13);\r
u = x3 + x2 | 0;\r
x0 ^= u<<18 | u>>>(32-18);\r
- \r
+\r
u = x5 + x4 | 0;\r
x6 ^= u<<7 | u>>>(32-7);\r
u = x6 + x5 | 0;\r
x4 ^= u<<13 | u>>>(32-13);\r
u = x4 + x7 | 0;\r
x5 ^= u<<18 | u>>>(32-18);\r
- \r
+\r
u = x10 + x9 | 0;\r
x11 ^= u<<7 | u>>>(32-7);\r
u = x11 + x10 | 0;\r
x9 ^= u<<13 | u>>>(32-13);\r
u = x9 + x8 | 0;\r
x10 ^= u<<18 | u>>>(32-18);\r
- \r
+\r
u = x15 + x14 | 0;\r
x12 ^= u<<7 | u>>>(32-7);\r
u = x12 + x15 | 0;\r
u = x14 + x13 | 0;\r
x15 ^= u<<18 | u>>>(32-18);\r
}\r
- \r
+\r
o[ 0] = x0 >>> 0 & 0xff;\r
o[ 1] = x0 >>> 8 & 0xff;\r
o[ 2] = x0 >>> 16 & 0xff;\r
o[ 3] = x0 >>> 24 & 0xff;\r
- \r
+\r
o[ 4] = x5 >>> 0 & 0xff;\r
o[ 5] = x5 >>> 8 & 0xff;\r
o[ 6] = x5 >>> 16 & 0xff;\r
o[ 7] = x5 >>> 24 & 0xff;\r
- \r
+\r
o[ 8] = x10 >>> 0 & 0xff;\r
o[ 9] = x10 >>> 8 & 0xff;\r
o[10] = x10 >>> 16 & 0xff;\r
o[11] = x10 >>> 24 & 0xff;\r
- \r
+\r
o[12] = x15 >>> 0 & 0xff;\r
o[13] = x15 >>> 8 & 0xff;\r
o[14] = x15 >>> 16 & 0xff;\r
o[15] = x15 >>> 24 & 0xff;\r
- \r
+\r
o[16] = x6 >>> 0 & 0xff;\r
o[17] = x6 >>> 8 & 0xff;\r
o[18] = x6 >>> 16 & 0xff;\r
o[19] = x6 >>> 24 & 0xff;\r
- \r
+\r
o[20] = x7 >>> 0 & 0xff;\r
o[21] = x7 >>> 8 & 0xff;\r
o[22] = x7 >>> 16 & 0xff;\r
o[23] = x7 >>> 24 & 0xff;\r
- \r
+\r
o[24] = x8 >>> 0 & 0xff;\r
o[25] = x8 >>> 8 & 0xff;\r
o[26] = x8 >>> 16 & 0xff;\r
o[27] = x8 >>> 24 & 0xff;\r
- \r
+\r
o[28] = x9 >>> 0 & 0xff;\r
o[29] = x9 >>> 8 & 0xff;\r
o[30] = x9 >>> 16 & 0xff;\r
o[31] = x9 >>> 24 & 0xff;\r
}\r
- \r
+\r
function crypto_core_salsa20(out,inp,k,c) {\r
core_salsa20(out,inp,k,c);\r
}\r
- \r
+\r
function crypto_core_hsalsa20(out,inp,k,c) {\r
core_hsalsa20(out,inp,k,c);\r
}\r
- \r
+\r
var sigma = new Uint8Array([101, 120, 112, 97, 110, 100, 32, 51, 50, 45, 98, 121, 116, 101, 32, 107]);\r
// "expand 32-byte k"\r
- \r
+\r
function crypto_stream_salsa20_xor(c,cpos,m,mpos,b,n,k) {\r
var z = new Uint8Array(16), x = new Uint8Array(64);\r
var u, i;\r
}\r
return 0;\r
}\r
- \r
+\r
function crypto_stream_salsa20(c,cpos,b,n,k) {\r
var z = new Uint8Array(16), x = new Uint8Array(64);\r
var u, i;\r
}\r
return 0;\r
}\r
- \r
+\r
function crypto_stream(c,cpos,d,n,k) {\r
var s = new Uint8Array(32);\r
crypto_core_hsalsa20(s,n,k,sigma);\r
for (var i = 0; i < 8; i++) sn[i] = n[i+16];\r
return crypto_stream_salsa20(c,cpos,d,sn,s);\r
}\r
- \r
+\r
function crypto_stream_xor(c,cpos,m,mpos,d,n,k) {\r
var s = new Uint8Array(32);\r
crypto_core_hsalsa20(s,n,k,sigma);\r
for (var i = 0; i < 8; i++) sn[i] = n[i+16];\r
return crypto_stream_salsa20_xor(c,cpos,m,mpos,d,sn,s);\r
}\r
- \r
+\r
/*\r
* Port of Andrew Moon's Poly1305-donna-16. Public domain.\r
* https://github.com/floodyberry/poly1305-donna\r
*/\r
- \r
+\r
var poly1305 = function(key) {\r
this.buffer = new Uint8Array(16);\r
this.r = new Uint16Array(10);\r
this.pad = new Uint16Array(8);\r
this.leftover = 0;\r
this.fin = 0;\r
- \r
+\r
var t0, t1, t2, t3, t4, t5, t6, t7;\r
- \r
+\r
t0 = key[ 0] & 0xff | (key[ 1] & 0xff) << 8; this.r[0] = ( t0 ) & 0x1fff;\r
t1 = key[ 2] & 0xff | (key[ 3] & 0xff) << 8; this.r[1] = ((t0 >>> 13) | (t1 << 3)) & 0x1fff;\r
t2 = key[ 4] & 0xff | (key[ 5] & 0xff) << 8; this.r[2] = ((t1 >>> 10) | (t2 << 6)) & 0x1f03;\r
t6 = key[12] & 0xff | (key[13] & 0xff) << 8; this.r[7] = ((t5 >>> 11) | (t6 << 5)) & 0x1f81;\r
t7 = key[14] & 0xff | (key[15] & 0xff) << 8; this.r[8] = ((t6 >>> 8) | (t7 << 8)) & 0x1fff;\r
this.r[9] = ((t7 >>> 5)) & 0x007f;\r
- \r
+\r
this.pad[0] = key[16] & 0xff | (key[17] & 0xff) << 8;\r
this.pad[1] = key[18] & 0xff | (key[19] & 0xff) << 8;\r
this.pad[2] = key[20] & 0xff | (key[21] & 0xff) << 8;\r
this.pad[6] = key[28] & 0xff | (key[29] & 0xff) << 8;\r
this.pad[7] = key[30] & 0xff | (key[31] & 0xff) << 8;\r
};\r
- \r
+\r
poly1305.prototype.blocks = function(m, mpos, bytes) {\r
var hibit = this.fin ? 0 : (1 << 11);\r
var t0, t1, t2, t3, t4, t5, t6, t7, c;\r
var d0, d1, d2, d3, d4, d5, d6, d7, d8, d9;\r
- \r
+\r
var h0 = this.h[0],\r
h1 = this.h[1],\r
h2 = this.h[2],\r
h7 = this.h[7],\r
h8 = this.h[8],\r
h9 = this.h[9];\r
- \r
+\r
var r0 = this.r[0],\r
r1 = this.r[1],\r
r2 = this.r[2],\r
r7 = this.r[7],\r
r8 = this.r[8],\r
r9 = this.r[9];\r
- \r
+\r
while (bytes >= 16) {\r
t0 = m[mpos+ 0] & 0xff | (m[mpos+ 1] & 0xff) << 8; h0 += ( t0 ) & 0x1fff;\r
t1 = m[mpos+ 2] & 0xff | (m[mpos+ 3] & 0xff) << 8; h1 += ((t0 >>> 13) | (t1 << 3)) & 0x1fff;\r
t6 = m[mpos+12] & 0xff | (m[mpos+13] & 0xff) << 8; h7 += ((t5 >>> 11) | (t6 << 5)) & 0x1fff;\r
t7 = m[mpos+14] & 0xff | (m[mpos+15] & 0xff) << 8; h8 += ((t6 >>> 8) | (t7 << 8)) & 0x1fff;\r
h9 += ((t7 >>> 5)) | hibit;\r
- \r
+\r
c = 0;\r
- \r
+\r
d0 = c;\r
d0 += h0 * r0;\r
d0 += h1 * (5 * r9);\r
d0 += h8 * (5 * r2);\r
d0 += h9 * (5 * r1);\r
c += (d0 >>> 13); d0 &= 0x1fff;\r
- \r
+\r
d1 = c;\r
d1 += h0 * r1;\r
d1 += h1 * r0;\r
d1 += h8 * (5 * r3);\r
d1 += h9 * (5 * r2);\r
c += (d1 >>> 13); d1 &= 0x1fff;\r
- \r
+\r
d2 = c;\r
d2 += h0 * r2;\r
d2 += h1 * r1;\r
d2 += h8 * (5 * r4);\r
d2 += h9 * (5 * r3);\r
c += (d2 >>> 13); d2 &= 0x1fff;\r
- \r
+\r
d3 = c;\r
d3 += h0 * r3;\r
d3 += h1 * r2;\r
d3 += h8 * (5 * r5);\r
d3 += h9 * (5 * r4);\r
c += (d3 >>> 13); d3 &= 0x1fff;\r
- \r
+\r
d4 = c;\r
d4 += h0 * r4;\r
d4 += h1 * r3;\r
d4 += h8 * (5 * r6);\r
d4 += h9 * (5 * r5);\r
c += (d4 >>> 13); d4 &= 0x1fff;\r
- \r
+\r
d5 = c;\r
d5 += h0 * r5;\r
d5 += h1 * r4;\r
d5 += h8 * (5 * r7);\r
d5 += h9 * (5 * r6);\r
c += (d5 >>> 13); d5 &= 0x1fff;\r
- \r
+\r
d6 = c;\r
d6 += h0 * r6;\r
d6 += h1 * r5;\r
d6 += h8 * (5 * r8);\r
d6 += h9 * (5 * r7);\r
c += (d6 >>> 13); d6 &= 0x1fff;\r
- \r
+\r
d7 = c;\r
d7 += h0 * r7;\r
d7 += h1 * r6;\r
d7 += h8 * (5 * r9);\r
d7 += h9 * (5 * r8);\r
c += (d7 >>> 13); d7 &= 0x1fff;\r
- \r
+\r
d8 = c;\r
d8 += h0 * r8;\r
d8 += h1 * r7;\r
d8 += h8 * r0;\r
d8 += h9 * (5 * r9);\r
c += (d8 >>> 13); d8 &= 0x1fff;\r
- \r
+\r
d9 = c;\r
d9 += h0 * r9;\r
d9 += h1 * r8;\r
d9 += h8 * r1;\r
d9 += h9 * r0;\r
c += (d9 >>> 13); d9 &= 0x1fff;\r
- \r
+\r
c = (((c << 2) + c)) | 0;\r
c = (c + d0) | 0;\r
d0 = c & 0x1fff;\r
c = (c >>> 13);\r
d1 += c;\r
- \r
+\r
h0 = d0;\r
h1 = d1;\r
h2 = d2;\r
h7 = d7;\r
h8 = d8;\r
h9 = d9;\r
- \r
+\r
mpos += 16;\r
bytes -= 16;\r
}\r
this.h[8] = h8;\r
this.h[9] = h9;\r
};\r
- \r
+\r
poly1305.prototype.finish = function(mac, macpos) {\r
var g = new Uint16Array(10);\r
var c, mask, f, i;\r
- \r
+\r
if (this.leftover) {\r
i = this.leftover;\r
this.buffer[i++] = 1;\r
this.fin = 1;\r
this.blocks(this.buffer, 0, 16);\r
}\r
- \r
+\r
c = this.h[1] >>> 13;\r
this.h[1] &= 0x1fff;\r
for (i = 2; i < 10; i++) {\r
c = this.h[1] >>> 13;\r
this.h[1] &= 0x1fff;\r
this.h[2] += c;\r
- \r
+\r
g[0] = this.h[0] + 5;\r
c = g[0] >>> 13;\r
g[0] &= 0x1fff;\r
g[i] &= 0x1fff;\r
}\r
g[9] -= (1 << 13);\r
- \r
+\r
mask = (c ^ 1) - 1;\r
for (i = 0; i < 10; i++) g[i] &= mask;\r
mask = ~mask;\r
for (i = 0; i < 10; i++) this.h[i] = (this.h[i] & mask) | g[i];\r
- \r
+\r
this.h[0] = ((this.h[0] ) | (this.h[1] << 13) ) & 0xffff;\r
this.h[1] = ((this.h[1] >>> 3) | (this.h[2] << 10) ) & 0xffff;\r
this.h[2] = ((this.h[2] >>> 6) | (this.h[3] << 7) ) & 0xffff;\r
this.h[5] = ((this.h[6] >>> 2) | (this.h[7] << 11) ) & 0xffff;\r
this.h[6] = ((this.h[7] >>> 5) | (this.h[8] << 8) ) & 0xffff;\r
this.h[7] = ((this.h[8] >>> 8) | (this.h[9] << 5) ) & 0xffff;\r
- \r
+\r
f = this.h[0] + this.pad[0];\r
this.h[0] = f & 0xffff;\r
for (i = 1; i < 8; i++) {\r
f = (((this.h[i] + this.pad[i]) | 0) + (f >>> 16)) | 0;\r
this.h[i] = f & 0xffff;\r
}\r
- \r
+\r
mac[macpos+ 0] = (this.h[0] >>> 0) & 0xff;\r
mac[macpos+ 1] = (this.h[0] >>> 8) & 0xff;\r
mac[macpos+ 2] = (this.h[1] >>> 0) & 0xff;\r
mac[macpos+14] = (this.h[7] >>> 0) & 0xff;\r
mac[macpos+15] = (this.h[7] >>> 8) & 0xff;\r
};\r
- \r
+\r
poly1305.prototype.update = function(m, mpos, bytes) {\r
var i, want;\r
- \r
+\r
if (this.leftover) {\r
want = (16 - this.leftover);\r
if (want > bytes)\r
this.blocks(this.buffer, 0, 16);\r
this.leftover = 0;\r
}\r
- \r
+\r
if (bytes >= 16) {\r
want = bytes - (bytes % 16);\r
this.blocks(m, mpos, want);\r
mpos += want;\r
bytes -= want;\r
}\r
- \r
+\r
if (bytes) {\r
for (i = 0; i < bytes; i++)\r
this.buffer[this.leftover + i] = m[mpos+i];\r
this.leftover += bytes;\r
}\r
};\r
- \r
+\r
function crypto_onetimeauth(out, outpos, m, mpos, n, k) {\r
var s = new poly1305(k);\r
s.update(m, mpos, n);\r
s.finish(out, outpos);\r
return 0;\r
}\r
- \r
+\r
function crypto_onetimeauth_verify(h, hpos, m, mpos, n, k) {\r
var x = new Uint8Array(16);\r
crypto_onetimeauth(x,0,m,mpos,n,k);\r
return crypto_verify_16(h,hpos,x,0);\r
}\r
- \r
+\r
function crypto_secretbox(c,m,d,n,k) {\r
var i;\r
if (d < 32) return -1;\r
for (i = 0; i < 16; i++) c[i] = 0;\r
return 0;\r
}\r
- \r
+\r
function crypto_secretbox_open(m,c,d,n,k) {\r
var i;\r
var x = new Uint8Array(32);\r
for (i = 0; i < 32; i++) m[i] = 0;\r
return 0;\r
}\r
- \r
+\r
function set25519(r, a) {\r
var i;\r
for (i = 0; i < 16; i++) r[i] = a[i]|0;\r
}\r
- \r
+\r
function car25519(o) {\r
var i, v, c = 1;\r
for (i = 0; i < 16; i++) {\r
}\r
o[0] += c-1 + 37 * (c-1);\r
}\r
- \r
+\r
function sel25519(p, q, b) {\r
var t, c = ~(b-1);\r
for (var i = 0; i < 16; i++) {\r
q[i] ^= t;\r
}\r
}\r
- \r
+\r
function pack25519(o, n) {\r
var i, j, b;\r
var m = gf(), t = gf();\r
o[2*i+1] = t[i]>>8;\r
}\r
}\r
- \r
+\r
function neq25519(a, b) {\r
var c = new Uint8Array(32), d = new Uint8Array(32);\r
pack25519(c, a);\r
pack25519(d, b);\r
return crypto_verify_32(c, 0, d, 0);\r
}\r
- \r
+\r
function par25519(a) {\r
var d = new Uint8Array(32);\r
pack25519(d, a);\r
return d[0] & 1;\r
}\r
- \r
+\r
function unpack25519(o, n) {\r
var i;\r
for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8);\r
o[15] &= 0x7fff;\r
}\r
- \r
+\r
function A(o, a, b) {\r
for (var i = 0; i < 16; i++) o[i] = a[i] + b[i];\r
}\r
- \r
+\r
function Z(o, a, b) {\r
for (var i = 0; i < 16; i++) o[i] = a[i] - b[i];\r
}\r
- \r
+\r
function M(o, a, b) {\r
var v, c,\r
t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0,\r
b13 = b[13],\r
b14 = b[14],\r
b15 = b[15];\r
- \r
+\r
v = a[0];\r
t0 += v * b0;\r
t1 += v * b1;\r
t28 += v * b13;\r
t29 += v * b14;\r
t30 += v * b15;\r
- \r
+\r
t0 += 38 * t16;\r
t1 += 38 * t17;\r
t2 += 38 * t18;\r
t13 += 38 * t29;\r
t14 += 38 * t30;\r
// t15 left as is\r
- \r
+\r
// first car\r
c = 1;\r
v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\r
v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\r
v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\r
t0 += c-1 + 37 * (c-1);\r
- \r
+\r
// second car\r
c = 1;\r
v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\r
v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\r
v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\r
t0 += c-1 + 37 * (c-1);\r
- \r
+\r
o[ 0] = t0;\r
o[ 1] = t1;\r
o[ 2] = t2;\r
o[14] = t14;\r
o[15] = t15;\r
}\r
- \r
+\r
function S(o, a) {\r
M(o, a, a);\r
}\r
- \r
+\r
function inv25519(o, i) {\r
var c = gf();\r
var a;\r
}\r
for (a = 0; a < 16; a++) o[a] = c[a];\r
}\r
- \r
+\r
function pow2523(o, i) {\r
var c = gf();\r
var a;\r
}\r
for (a = 0; a < 16; a++) o[a] = c[a];\r
}\r
- \r
+\r
function crypto_scalarmult(q, n, p) {\r
var z = new Uint8Array(32);\r
var x = new Float64Array(80), r, i;\r
pack25519(q,x16);\r
return 0;\r
}\r
- \r
+\r
function crypto_scalarmult_base(q, n) {\r
return crypto_scalarmult(q, n, _9);\r
}\r
- \r
+\r
function crypto_box_keypair(y, x) {\r
randombytes(x, 32);\r
return crypto_scalarmult_base(y, x);\r
}\r
- \r
+\r
function crypto_box_beforenm(k, y, x) {\r
var s = new Uint8Array(32);\r
crypto_scalarmult(s, x, y);\r
return crypto_core_hsalsa20(k, _0, s, sigma);\r
}\r
- \r
+\r
var crypto_box_afternm = crypto_secretbox;\r
var crypto_box_open_afternm = crypto_secretbox_open;\r
- \r
+\r
function crypto_box(c, m, d, n, y, x) {\r
var k = new Uint8Array(32);\r
crypto_box_beforenm(k, y, x);\r
return crypto_box_afternm(c, m, d, n, k);\r
}\r
- \r
+\r
function crypto_box_open(m, c, d, n, y, x) {\r
var k = new Uint8Array(32);\r
crypto_box_beforenm(k, y, x);\r
return crypto_box_open_afternm(m, c, d, n, k);\r
}\r
- \r
+\r
var K = [\r
0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd,\r
0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc,\r
0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a,\r
0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817\r
];\r
- \r
+\r
function crypto_hashblocks_hl(hh, hl, m, n) {\r
var wh = new Int32Array(16), wl = new Int32Array(16),\r
bh0, bh1, bh2, bh3, bh4, bh5, bh6, bh7,\r
bl0, bl1, bl2, bl3, bl4, bl5, bl6, bl7,\r
th, tl, i, j, h, l, a, b, c, d;\r
- \r
+\r
var ah0 = hh[0],\r
ah1 = hh[1],\r
ah2 = hh[2],\r
ah5 = hh[5],\r
ah6 = hh[6],\r
ah7 = hh[7],\r
- \r
+\r
al0 = hl[0],\r
al1 = hl[1],\r
al2 = hl[2],\r
al5 = hl[5],\r
al6 = hl[6],\r
al7 = hl[7];\r
- \r
+\r
var pos = 0;\r
while (n >= 128) {\r
for (i = 0; i < 16; i++) {\r
bh5 = ah5;\r
bh6 = ah6;\r
bh7 = ah7;\r
- \r
+\r
bl0 = al0;\r
bl1 = al1;\r
bl2 = al2;\r
bl5 = al5;\r
bl6 = al6;\r
bl7 = al7;\r
- \r
+\r
// add\r
h = ah7;\r
l = al7;\r
- \r
+\r
a = l & 0xffff; b = l >>> 16;\r
c = h & 0xffff; d = h >>> 16;\r
- \r
+\r
// Sigma1\r
h = ((ah4 >>> 14) | (al4 << (32-14))) ^ ((ah4 >>> 18) | (al4 << (32-18))) ^ ((al4 >>> (41-32)) | (ah4 << (32-(41-32))));\r
l = ((al4 >>> 14) | (ah4 << (32-14))) ^ ((al4 >>> 18) | (ah4 << (32-18))) ^ ((ah4 >>> (41-32)) | (al4 << (32-(41-32))));\r
- \r
+\r
a += l & 0xffff; b += l >>> 16;\r
c += h & 0xffff; d += h >>> 16;\r
- \r
+\r
// Ch\r
h = (ah4 & ah5) ^ (~ah4 & ah6);\r
l = (al4 & al5) ^ (~al4 & al6);\r
- \r
+\r
a += l & 0xffff; b += l >>> 16;\r
c += h & 0xffff; d += h >>> 16;\r
- \r
+\r
// K\r
h = K[i*2];\r
l = K[i*2+1];\r
- \r
+\r
a += l & 0xffff; b += l >>> 16;\r
c += h & 0xffff; d += h >>> 16;\r
- \r
+\r
// w\r
h = wh[i%16];\r
l = wl[i%16];\r
- \r
+\r
a += l & 0xffff; b += l >>> 16;\r
c += h & 0xffff; d += h >>> 16;\r
- \r
+\r
b += a >>> 16;\r
c += b >>> 16;\r
d += c >>> 16;\r
- \r
+\r
th = c & 0xffff | d << 16;\r
tl = a & 0xffff | b << 16;\r
- \r
+\r
// add\r
h = th;\r
l = tl;\r
- \r
+\r
a = l & 0xffff; b = l >>> 16;\r
c = h & 0xffff; d = h >>> 16;\r
- \r
+\r
// Sigma0\r
h = ((ah0 >>> 28) | (al0 << (32-28))) ^ ((al0 >>> (34-32)) | (ah0 << (32-(34-32)))) ^ ((al0 >>> (39-32)) | (ah0 << (32-(39-32))));\r
l = ((al0 >>> 28) | (ah0 << (32-28))) ^ ((ah0 >>> (34-32)) | (al0 << (32-(34-32)))) ^ ((ah0 >>> (39-32)) | (al0 << (32-(39-32))));\r
- \r
+\r
a += l & 0xffff; b += l >>> 16;\r
c += h & 0xffff; d += h >>> 16;\r
- \r
+\r
// Maj\r
h = (ah0 & ah1) ^ (ah0 & ah2) ^ (ah1 & ah2);\r
l = (al0 & al1) ^ (al0 & al2) ^ (al1 & al2);\r
- \r
+\r
a += l & 0xffff; b += l >>> 16;\r
c += h & 0xffff; d += h >>> 16;\r
- \r
+\r
b += a >>> 16;\r
c += b >>> 16;\r
d += c >>> 16;\r
- \r
+\r
bh7 = (c & 0xffff) | (d << 16);\r
bl7 = (a & 0xffff) | (b << 16);\r
- \r
+\r
// add\r
h = bh3;\r
l = bl3;\r
- \r
+\r
a = l & 0xffff; b = l >>> 16;\r
c = h & 0xffff; d = h >>> 16;\r
- \r
+\r
h = th;\r
l = tl;\r
- \r
+\r
a += l & 0xffff; b += l >>> 16;\r
c += h & 0xffff; d += h >>> 16;\r
- \r
+\r
b += a >>> 16;\r
c += b >>> 16;\r
d += c >>> 16;\r
- \r
+\r
bh3 = (c & 0xffff) | (d << 16);\r
bl3 = (a & 0xffff) | (b << 16);\r
- \r
+\r
ah1 = bh0;\r
ah2 = bh1;\r
ah3 = bh2;\r
ah6 = bh5;\r
ah7 = bh6;\r
ah0 = bh7;\r
- \r
+\r
al1 = bl0;\r
al2 = bl1;\r
al3 = bl2;\r
al6 = bl5;\r
al7 = bl6;\r
al0 = bl7;\r
- \r
+\r
if (i%16 === 15) {\r
for (j = 0; j < 16; j++) {\r
// add\r
h = wh[j];\r
l = wl[j];\r
- \r
+\r
a = l & 0xffff; b = l >>> 16;\r
c = h & 0xffff; d = h >>> 16;\r
- \r
+\r
h = wh[(j+9)%16];\r
l = wl[(j+9)%16];\r
- \r
+\r
a += l & 0xffff; b += l >>> 16;\r
c += h & 0xffff; d += h >>> 16;\r
- \r
+\r
// sigma0\r
th = wh[(j+1)%16];\r
tl = wl[(j+1)%16];\r
h = ((th >>> 1) | (tl << (32-1))) ^ ((th >>> 8) | (tl << (32-8))) ^ (th >>> 7);\r
l = ((tl >>> 1) | (th << (32-1))) ^ ((tl >>> 8) | (th << (32-8))) ^ ((tl >>> 7) | (th << (32-7)));\r
- \r
+\r
a += l & 0xffff; b += l >>> 16;\r
c += h & 0xffff; d += h >>> 16;\r
- \r
+\r
// sigma1\r
th = wh[(j+14)%16];\r
tl = wl[(j+14)%16];\r
h = ((th >>> 19) | (tl << (32-19))) ^ ((tl >>> (61-32)) | (th << (32-(61-32)))) ^ (th >>> 6);\r
l = ((tl >>> 19) | (th << (32-19))) ^ ((th >>> (61-32)) | (tl << (32-(61-32)))) ^ ((tl >>> 6) | (th << (32-6)));\r
- \r
+\r
a += l & 0xffff; b += l >>> 16;\r
c += h & 0xffff; d += h >>> 16;\r
- \r
+\r
b += a >>> 16;\r
c += b >>> 16;\r
d += c >>> 16;\r
- \r
+\r
wh[j] = (c & 0xffff) | (d << 16);\r
wl[j] = (a & 0xffff) | (b << 16);\r
}\r
}\r
}\r
- \r
+\r
// add\r
h = ah0;\r
l = al0;\r
- \r
+\r
a = l & 0xffff; b = l >>> 16;\r
c = h & 0xffff; d = h >>> 16;\r
- \r
+\r
h = hh[0];\r
l = hl[0];\r
- \r
+\r
a += l & 0xffff; b += l >>> 16;\r
c += h & 0xffff; d += h >>> 16;\r
- \r
+\r
b += a >>> 16;\r
c += b >>> 16;\r
d += c >>> 16;\r
- \r
+\r
hh[0] = ah0 = (c & 0xffff) | (d << 16);\r
hl[0] = al0 = (a & 0xffff) | (b << 16);\r
- \r
+\r
h = ah1;\r
l = al1;\r
- \r
+\r
a = l & 0xffff; b = l >>> 16;\r
c = h & 0xffff; d = h >>> 16;\r
- \r
+\r
h = hh[1];\r
l = hl[1];\r
- \r
+\r
a += l & 0xffff; b += l >>> 16;\r
c += h & 0xffff; d += h >>> 16;\r
- \r
+\r
b += a >>> 16;\r
c += b >>> 16;\r
d += c >>> 16;\r
- \r
+\r
hh[1] = ah1 = (c & 0xffff) | (d << 16);\r
hl[1] = al1 = (a & 0xffff) | (b << 16);\r
- \r
+\r
h = ah2;\r
l = al2;\r
- \r
+\r
a = l & 0xffff; b = l >>> 16;\r
c = h & 0xffff; d = h >>> 16;\r
- \r
+\r
h = hh[2];\r
l = hl[2];\r
- \r
+\r
a += l & 0xffff; b += l >>> 16;\r
c += h & 0xffff; d += h >>> 16;\r
- \r
+\r
b += a >>> 16;\r
c += b >>> 16;\r
d += c >>> 16;\r
- \r
+\r
hh[2] = ah2 = (c & 0xffff) | (d << 16);\r
hl[2] = al2 = (a & 0xffff) | (b << 16);\r
- \r
+\r
h = ah3;\r
l = al3;\r
- \r
+\r
a = l & 0xffff; b = l >>> 16;\r
c = h & 0xffff; d = h >>> 16;\r
- \r
+\r
h = hh[3];\r
l = hl[3];\r
- \r
+\r
a += l & 0xffff; b += l >>> 16;\r
c += h & 0xffff; d += h >>> 16;\r
- \r
+\r
b += a >>> 16;\r
c += b >>> 16;\r
d += c >>> 16;\r
- \r
+\r
hh[3] = ah3 = (c & 0xffff) | (d << 16);\r
hl[3] = al3 = (a & 0xffff) | (b << 16);\r
- \r
+\r
h = ah4;\r
l = al4;\r
- \r
+\r
a = l & 0xffff; b = l >>> 16;\r
c = h & 0xffff; d = h >>> 16;\r
- \r
+\r
h = hh[4];\r
l = hl[4];\r
- \r
+\r
a += l & 0xffff; b += l >>> 16;\r
c += h & 0xffff; d += h >>> 16;\r
- \r
+\r
b += a >>> 16;\r
c += b >>> 16;\r
d += c >>> 16;\r
- \r
+\r
hh[4] = ah4 = (c & 0xffff) | (d << 16);\r
hl[4] = al4 = (a & 0xffff) | (b << 16);\r
- \r
+\r
h = ah5;\r
l = al5;\r
- \r
+\r
a = l & 0xffff; b = l >>> 16;\r
c = h & 0xffff; d = h >>> 16;\r
- \r
+\r
h = hh[5];\r
l = hl[5];\r
- \r
+\r
a += l & 0xffff; b += l >>> 16;\r
c += h & 0xffff; d += h >>> 16;\r
- \r
+\r
b += a >>> 16;\r
c += b >>> 16;\r
d += c >>> 16;\r
- \r
+\r
hh[5] = ah5 = (c & 0xffff) | (d << 16);\r
hl[5] = al5 = (a & 0xffff) | (b << 16);\r
- \r
+\r
h = ah6;\r
l = al6;\r
- \r
+\r
a = l & 0xffff; b = l >>> 16;\r
c = h & 0xffff; d = h >>> 16;\r
- \r
+\r
h = hh[6];\r
l = hl[6];\r
- \r
+\r
a += l & 0xffff; b += l >>> 16;\r
c += h & 0xffff; d += h >>> 16;\r
- \r
+\r
b += a >>> 16;\r
c += b >>> 16;\r
d += c >>> 16;\r
- \r
+\r
hh[6] = ah6 = (c & 0xffff) | (d << 16);\r
hl[6] = al6 = (a & 0xffff) | (b << 16);\r
- \r
+\r
h = ah7;\r
l = al7;\r
- \r
+\r
a = l & 0xffff; b = l >>> 16;\r
c = h & 0xffff; d = h >>> 16;\r
- \r
+\r
h = hh[7];\r
l = hl[7];\r
- \r
+\r
a += l & 0xffff; b += l >>> 16;\r
c += h & 0xffff; d += h >>> 16;\r
- \r
+\r
b += a >>> 16;\r
c += b >>> 16;\r
d += c >>> 16;\r
- \r
+\r
hh[7] = ah7 = (c & 0xffff) | (d << 16);\r
hl[7] = al7 = (a & 0xffff) | (b << 16);\r
- \r
+\r
pos += 128;\r
n -= 128;\r
}\r
- \r
+\r
return n;\r
}\r
- \r
+\r
function crypto_hash(out, m, n) {\r
var hh = new Int32Array(8),\r
hl = new Int32Array(8),\r
x = new Uint8Array(256),\r
i, b = n;\r
- \r
+\r
hh[0] = 0x6a09e667;\r
hh[1] = 0xbb67ae85;\r
hh[2] = 0x3c6ef372;\r
hh[5] = 0x9b05688c;\r
hh[6] = 0x1f83d9ab;\r
hh[7] = 0x5be0cd19;\r
- \r
+\r
hl[0] = 0xf3bcc908;\r
hl[1] = 0x84caa73b;\r
hl[2] = 0xfe94f82b;\r
hl[5] = 0x2b3e6c1f;\r
hl[6] = 0xfb41bd6b;\r
hl[7] = 0x137e2179;\r
- \r
+\r
crypto_hashblocks_hl(hh, hl, m, n);\r
n %= 128;\r
- \r
+\r
for (i = 0; i < n; i++) x[i] = m[b-n+i];\r
x[n] = 128;\r
- \r
+\r
n = 256-128*(n<112?1:0);\r
x[n-9] = 0;\r
ts64(x, n-8, (b / 0x20000000) | 0, b << 3);\r
crypto_hashblocks_hl(hh, hl, x, n);\r
- \r
+\r
for (i = 0; i < 8; i++) ts64(out, 8*i, hh[i], hl[i]);\r
- \r
+\r
return 0;\r
}\r
- \r
+\r
function crypto_hash_blake2b(out, m, n) {\r
const input = new Uint8Array(n)\r
for (let i = 0; i < n; ++i) {\r
}\r
return 0\r
}\r
- \r
+\r
function add(p, q) {\r
var a = gf(), b = gf(), c = gf(),\r
d = gf(), e = gf(), f = gf(),\r
g = gf(), h = gf(), t = gf();\r
- \r
+\r
Z(a, p[1], p[0]);\r
Z(t, q[1], q[0]);\r
M(a, a, t);\r
Z(f, d, c);\r
A(g, d, c);\r
A(h, b, a);\r
- \r
+\r
M(p[0], e, f);\r
M(p[1], h, g);\r
M(p[2], g, f);\r
M(p[3], e, h);\r
}\r
- \r
+\r
function cswap(p, q, b) {\r
var i;\r
for (i = 0; i < 4; i++) {\r
sel25519(p[i], q[i], b);\r
}\r
}\r
- \r
+\r
function pack(r, p) {\r
var tx = gf(), ty = gf(), zi = gf();\r
inv25519(zi, p[2]);\r
pack25519(r, ty);\r
r[31] ^= par25519(tx) << 7;\r
}\r
- \r
+\r
function scalarmult(p, q, s) {\r
var b, i;\r
set25519(p[0], gf0);\r
cswap(p, q, b);\r
}\r
}\r
- \r
+\r
function scalarbase(p, s) {\r
var q = [gf(), gf(), gf(), gf()];\r
set25519(q[0], X);\r
M(q[3], X, Y);\r
scalarmult(p, q, s);\r
}\r
- \r
+\r
function crypto_sign_keypair(pk, sk, seeded?) {\r
var d = new Uint8Array(64);\r
var p = [gf(), gf(), gf(), gf()];\r
var i;\r
- \r
+\r
if (!seeded) randombytes(sk, 32);\r
crypto_hash(d, sk, 32);\r
d[0] &= 248;\r
d[31] &= 127;\r
d[31] |= 64;\r
- \r
+\r
scalarbase(p, d);\r
pack(pk, p);\r
- \r
+\r
for (i = 0; i < 32; i++) sk[i+32] = pk[i];\r
return 0;\r
}\r
- \r
+\r
var L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]);\r
- \r
+\r
function modL(r, x) {\r
var carry, i, j, k;\r
for (i = 63; i >= 32; --i) {\r
r[i] = x[i] & 255;\r
}\r
}\r
- \r
+\r
function reduce(r) {\r
var x = new Float64Array(64), i;\r
for (i = 0; i < 64; i++) x[i] = r[i];\r
for (i = 0; i < 64; i++) r[i] = 0;\r
modL(r, x);\r
}\r
- \r
+\r
// Note: difference from C - smlen returned, not passed as argument.\r
function crypto_sign(sm, m, n, sk) {\r
var d = new Uint8Array(64), h = new Uint8Array(64), r = new Uint8Array(64);\r
var i, j, x = new Float64Array(64);\r
var p = [gf(), gf(), gf(), gf()];\r
- \r
+\r
crypto_hash(d, sk, 32);\r
d[0] &= 248;\r
d[31] &= 127;\r
d[31] |= 64;\r
- \r
+\r
var smlen = n + 64;\r
for (i = 0; i < n; i++) sm[64 + i] = m[i];\r
for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i];\r
- \r
+\r
crypto_hash(r, sm.subarray(32), n+32);\r
reduce(r);\r
scalarbase(p, r);\r
pack(sm, p);\r
- \r
+\r
for (i = 32; i < 64; i++) sm[i] = sk[i];\r
crypto_hash(h, sm, n + 64);\r
reduce(h);\r
- \r
+\r
for (i = 0; i < 64; i++) x[i] = 0;\r
for (i = 0; i < 32; i++) x[i] = r[i];\r
for (i = 0; i < 32; i++) {\r
x[i+j] += h[i] * d[j];\r
}\r
}\r
- \r
+\r
modL(sm.subarray(32), x);\r
return smlen;\r
}\r
- \r
+\r
function unpackneg(r, p) {\r
var t = gf(), chk = gf(), num = gf(),\r
den = gf(), den2 = gf(), den4 = gf(),\r
den6 = gf();\r
- \r
+\r
set25519(r[2], gf1);\r
unpack25519(r[1], p);\r
S(num, r[1]);\r
M(den, num, D);\r
Z(num, num, r[2]);\r
A(den, r[2], den);\r
- \r
+\r
S(den2, den);\r
S(den4, den2);\r
M(den6, den4, den2);\r
M(t, den6, num);\r
M(t, t, den);\r
- \r
+\r
pow2523(t, t);\r
M(t, t, num);\r
M(t, t, den);\r
M(t, t, den);\r
M(r[0], t, den);\r
- \r
+\r
S(chk, r[0]);\r
M(chk, chk, den);\r
if (neq25519(chk, num)) M(r[0], r[0], I);\r
- \r
+\r
S(chk, r[0]);\r
M(chk, chk, den);\r
if (neq25519(chk, num)) return -1;\r
- \r
+\r
if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]);\r
- \r
+\r
M(r[3], r[0], r[1]);\r
return 0;\r
}\r
- \r
+\r
function crypto_sign_open(m, sm, n, pk) {\r
var i;\r
var t = new Uint8Array(32), h = new Uint8Array(64);\r
var p = [gf(), gf(), gf(), gf()],\r
q = [gf(), gf(), gf(), gf()];\r
- \r
+\r
if (n < 64) return -1;\r
- \r
+\r
if (unpackneg(q, pk)) return -1;\r
- \r
+\r
for (i = 0; i < n; i++) m[i] = sm[i];\r
for (i = 0; i < 32; i++) m[i+32] = pk[i];\r
crypto_hash(h, m, n);\r
reduce(h);\r
scalarmult(p, q, h);\r
- \r
+\r
scalarbase(q, sm.subarray(32));\r
add(p, q);\r
pack(t, p);\r
- \r
+\r
n -= 64;\r
if (crypto_verify_32(sm, 0, t, 0)) {\r
for (i = 0; i < n; i++) m[i] = 0;\r
return -1;\r
}\r
- \r
+\r
for (i = 0; i < n; i++) m[i] = sm[i + 64];\r
return n;\r
}\r
- \r
+\r
var crypto_secretbox_KEYBYTES = 32,\r
crypto_secretbox_NONCEBYTES = 24,\r
crypto_secretbox_ZEROBYTES = 32,\r
crypto_sign_SECRETKEYBYTES = 64,\r
crypto_sign_SEEDBYTES = 32,\r
crypto_hash_BYTES = 64;\r
- \r
+\r
lowlevel = {\r
crypto_core_hsalsa20: crypto_core_hsalsa20,\r
crypto_stream_xor: crypto_stream_xor,\r
crypto_sign: crypto_sign,\r
crypto_sign_keypair: crypto_sign_keypair,\r
crypto_sign_open: crypto_sign_open,\r
- \r
+\r
crypto_secretbox_KEYBYTES: crypto_secretbox_KEYBYTES,\r
crypto_secretbox_NONCEBYTES: crypto_secretbox_NONCEBYTES,\r
crypto_secretbox_ZEROBYTES: crypto_secretbox_ZEROBYTES,\r
crypto_sign_SECRETKEYBYTES: crypto_sign_SECRETKEYBYTES,\r
crypto_sign_SEEDBYTES: crypto_sign_SEEDBYTES,\r
crypto_hash_BYTES: crypto_hash_BYTES,\r
- \r
+\r
gf: gf,\r
D: D,\r
L: L,\r
scalarmult: scalarmult,\r
scalarbase: scalarbase,\r
};\r
- \r
+\r
/* High-level API */\r
- \r
+\r
function checkLengths(k, n) {\r
if (k.length !== crypto_secretbox_KEYBYTES) throw new Error('bad key size');\r
if (n.length !== crypto_secretbox_NONCEBYTES) throw new Error('bad nonce size');\r
}\r
- \r
- function checkBoxLengths(pk, sk) {\r
- if (pk.length !== crypto_box_PUBLICKEYBYTES) throw new Error('bad public key size');\r
- if (sk.length !== crypto_box_SECRETKEYBYTES) throw new Error('bad secret key size');\r
- }\r
- \r
+\r
function checkArrayTypes() {\r
for (var i = 0; i < arguments.length; i++) {\r
if (!(arguments[i] instanceof Uint8Array))\r
throw new TypeError('unexpected type, use Uint8Array');\r
}\r
}\r
- \r
+\r
function cleanup(arr) {\r
for (var i = 0; i < arr.length; i++) arr[i] = 0;\r
}\r
- \r
+\r
secretbox = function(msg, nonce, key) {\r
checkArrayTypes(msg, nonce, key);\r
checkLengths(key, nonce);\r
crypto_secretbox(c, m, m.length, nonce, key);\r
return c.subarray(crypto_secretbox_BOXZEROBYTES);\r
};\r
- \r
+\r
secretbox.open = function(box, nonce, key) {\r
checkArrayTypes(box, nonce, key);\r
checkLengths(key, nonce);\r
if (crypto_secretbox_open(m, c, c.length, nonce, key) !== 0) return null;\r
return m.subarray(crypto_secretbox_ZEROBYTES);\r
};\r
- \r
+\r
secretbox.keyLength = crypto_secretbox_KEYBYTES;\r
secretbox.nonceLength = crypto_secretbox_NONCEBYTES;\r
secretbox.overheadLength = crypto_secretbox_BOXZEROBYTES;\r
- \r
+\r
scalarMult = function(n, p) {\r
checkArrayTypes(n, p);\r
if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size');\r
crypto_scalarmult(q, n, p);\r
return q;\r
};\r
- \r
+\r
scalarMult.base = function(n) {\r
checkArrayTypes(n);\r
if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size');\r
crypto_scalarmult_base(q, n);\r
return q;\r
};\r
- \r
+\r
scalarMult.scalarLength = crypto_scalarmult_SCALARBYTES;\r
scalarMult.groupElementLength = crypto_scalarmult_BYTES;\r
\r
- box = function(msg, nonce, publicKey, secretKey) {\r
- var k = box.before(publicKey, secretKey);\r
- return secretbox(msg, nonce, k);\r
- };\r
- \r
- box.before = function(publicKey, secretKey) {\r
- checkArrayTypes(publicKey, secretKey);\r
- checkBoxLengths(publicKey, secretKey);\r
- var k = new Uint8Array(crypto_box_BEFORENMBYTES);\r
- crypto_box_beforenm(k, publicKey, secretKey);\r
- return k;\r
- };\r
- \r
- box.after = secretbox;\r
- \r
- box.open = function(msg, nonce, publicKey, secretKey) {\r
- var k = box.before(publicKey, secretKey);\r
- return secretbox.open(msg, nonce, k);\r
- };\r
- \r
- box.open.after = secretbox.open;\r
- \r
- box.keyPair = function() {\r
- var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\r
- var sk = new Uint8Array(crypto_box_SECRETKEYBYTES);\r
- crypto_box_keypair(pk, sk);\r
- return {publicKey: pk, secretKey: sk};\r
- };\r
- \r
- box.keyPair.fromSecretKey = function(secretKey) {\r
- checkArrayTypes(secretKey);\r
- if (secretKey.length !== crypto_box_SECRETKEYBYTES)\r
- throw new Error('bad secret key size');\r
- var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);\r
- crypto_scalarmult_base(pk, secretKey);\r
- return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\r
- };\r
- \r
- box.publicKeyLength = crypto_box_PUBLICKEYBYTES;\r
- box.secretKeyLength = crypto_box_SECRETKEYBYTES;\r
- box.sharedKeyLength = crypto_box_BEFORENMBYTES;\r
- box.nonceLength = crypto_box_NONCEBYTES;\r
- box.overheadLength = secretbox.overheadLength;\r
- \r
sign = function(msg, secretKey) {\r
checkArrayTypes(msg, secretKey);\r
if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\r
crypto_sign(signedMsg, msg, msg.length, secretKey);\r
return signedMsg;\r
};\r
- \r
+\r
sign.open = function(signedMsg, publicKey) {\r
checkArrayTypes(signedMsg, publicKey);\r
if (publicKey.length !== crypto_sign_PUBLICKEYBYTES)\r
for (var i = 0; i < m.length; i++) m[i] = tmp[i];\r
return m;\r
};\r
- \r
+\r
sign.detached = function(msg, secretKey) {\r
var signedMsg = sign(msg, secretKey);\r
var sig = new Uint8Array(crypto_sign_BYTES);\r
for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i];\r
return sig;\r
};\r
- \r
+\r
sign.detached.verify = function(msg, sig, publicKey) {\r
checkArrayTypes(msg, sig, publicKey);\r
if (sig.length !== crypto_sign_BYTES)\r
for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i];\r
return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0);\r
};\r
- \r
+\r
sign.keyPair = function() {\r
var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);\r
var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);\r
crypto_sign_keypair(pk, sk);\r
return {publicKey: pk, secretKey: sk};\r
};\r
- \r
+\r
sign.keyPair.fromSecretKey = function(secretKey) {\r
checkArrayTypes(secretKey);\r
if (secretKey.length !== crypto_sign_SECRETKEYBYTES)\r
for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i];\r
return {publicKey: pk, secretKey: new Uint8Array(secretKey)};\r
};\r
- \r
+\r
sign.keyPair.fromSeed = function(seed) {\r
checkArrayTypes(seed);\r
if (seed.length !== crypto_sign_SEEDBYTES)\r
crypto_sign_keypair(pk, sk, true);\r
return {publicKey: pk, secretKey: sk};\r
};\r
- \r
+\r
sign.publicKeyLength = crypto_sign_PUBLICKEYBYTES;\r
sign.secretKeyLength = crypto_sign_SECRETKEYBYTES;\r
sign.seedLength = crypto_sign_SEEDBYTES;\r
sign.signatureLength = crypto_sign_BYTES;\r
- \r
+\r
hash = function(msg) {\r
checkArrayTypes(msg);\r
var h = new Uint8Array(crypto_hash_BYTES);\r
crypto_hash(h, msg, msg.length);\r
return h;\r
};\r
- \r
+\r
hash.hashLength = crypto_hash_BYTES;\r
- \r
+\r
verify = function(x, y) {\r
checkArrayTypes(x, y);\r
// Zero length arguments are considered not equal.\r
if (x.length !== y.length) return false;\r
return (vn(x, 0, y, 0, x.length) === 0) ? true : false;\r
};\r
- \r
+\r
const setPRNG = function(fn) {\r
randombytes = fn;\r
};\r
- \r
+\r
(function() {\r
// Initialize PRNG if environment provides CSPRNG.\r
// If not, methods calling randombytes will throw.\r
}\r
}\r
})();\r
- \r
+\r
export { sign, verify }\r
projects / libnemo.git / commitdiff