return (1 & ((d - 1) >>> 8)) - 1;\r
}\r
\r
- function crypto_verify_16(x, xi, y, yi) {\r
- return vn(x,xi,y,yi,16);\r
- }\r
-\r
function crypto_verify_32(x, xi, y, yi) {\r
return vn(x,xi,y,yi,32);\r
}\r
\r
- function core_salsa20(o, p, k, c) {\r
- var j0 = c[ 0] & 0xff | (c[ 1] & 0xff)<<8 | (c[ 2] & 0xff)<<16 | (c[ 3] & 0xff)<<24,\r
- j1 = k[ 0] & 0xff | (k[ 1] & 0xff)<<8 | (k[ 2] & 0xff)<<16 | (k[ 3] & 0xff)<<24,\r
- j2 = k[ 4] & 0xff | (k[ 5] & 0xff)<<8 | (k[ 6] & 0xff)<<16 | (k[ 7] & 0xff)<<24,\r
- j3 = k[ 8] & 0xff | (k[ 9] & 0xff)<<8 | (k[10] & 0xff)<<16 | (k[11] & 0xff)<<24,\r
- j4 = k[12] & 0xff | (k[13] & 0xff)<<8 | (k[14] & 0xff)<<16 | (k[15] & 0xff)<<24,\r
- j5 = c[ 4] & 0xff | (c[ 5] & 0xff)<<8 | (c[ 6] & 0xff)<<16 | (c[ 7] & 0xff)<<24,\r
- j6 = p[ 0] & 0xff | (p[ 1] & 0xff)<<8 | (p[ 2] & 0xff)<<16 | (p[ 3] & 0xff)<<24,\r
- j7 = p[ 4] & 0xff | (p[ 5] & 0xff)<<8 | (p[ 6] & 0xff)<<16 | (p[ 7] & 0xff)<<24,\r
- j8 = p[ 8] & 0xff | (p[ 9] & 0xff)<<8 | (p[10] & 0xff)<<16 | (p[11] & 0xff)<<24,\r
- j9 = p[12] & 0xff | (p[13] & 0xff)<<8 | (p[14] & 0xff)<<16 | (p[15] & 0xff)<<24,\r
- j10 = c[ 8] & 0xff | (c[ 9] & 0xff)<<8 | (c[10] & 0xff)<<16 | (c[11] & 0xff)<<24,\r
- j11 = k[16] & 0xff | (k[17] & 0xff)<<8 | (k[18] & 0xff)<<16 | (k[19] & 0xff)<<24,\r
- j12 = k[20] & 0xff | (k[21] & 0xff)<<8 | (k[22] & 0xff)<<16 | (k[23] & 0xff)<<24,\r
- j13 = k[24] & 0xff | (k[25] & 0xff)<<8 | (k[26] & 0xff)<<16 | (k[27] & 0xff)<<24,\r
- j14 = k[28] & 0xff | (k[29] & 0xff)<<8 | (k[30] & 0xff)<<16 | (k[31] & 0xff)<<24,\r
- j15 = c[12] & 0xff | (c[13] & 0xff)<<8 | (c[14] & 0xff)<<16 | (c[15] & 0xff)<<24;\r
-\r
- var x0 = j0, x1 = j1, x2 = j2, x3 = j3, x4 = j4, x5 = j5, x6 = j6, x7 = j7,\r
- x8 = j8, x9 = j9, x10 = j10, x11 = j11, x12 = j12, x13 = j13, x14 = j14,\r
- x15 = j15, u;\r
-\r
- for (var i = 0; i < 20; i += 2) {\r
- u = x0 + x12 | 0;\r
- x4 ^= u<<7 | u>>>(32-7);\r
- u = x4 + x0 | 0;\r
- x8 ^= u<<9 | u>>>(32-9);\r
- u = x8 + x4 | 0;\r
- x12 ^= u<<13 | u>>>(32-13);\r
- u = x12 + x8 | 0;\r
- x0 ^= u<<18 | u>>>(32-18);\r
-\r
- u = x5 + x1 | 0;\r
- x9 ^= u<<7 | u>>>(32-7);\r
- u = x9 + x5 | 0;\r
- x13 ^= u<<9 | u>>>(32-9);\r
- u = x13 + x9 | 0;\r
- x1 ^= u<<13 | u>>>(32-13);\r
- u = x1 + x13 | 0;\r
- x5 ^= u<<18 | u>>>(32-18);\r
-\r
- u = x10 + x6 | 0;\r
- x14 ^= u<<7 | u>>>(32-7);\r
- u = x14 + x10 | 0;\r
- x2 ^= u<<9 | u>>>(32-9);\r
- u = x2 + x14 | 0;\r
- x6 ^= u<<13 | u>>>(32-13);\r
- u = x6 + x2 | 0;\r
- x10 ^= u<<18 | u>>>(32-18);\r
-\r
- u = x15 + x11 | 0;\r
- x3 ^= u<<7 | u>>>(32-7);\r
- u = x3 + x15 | 0;\r
- x7 ^= u<<9 | u>>>(32-9);\r
- u = x7 + x3 | 0;\r
- x11 ^= u<<13 | u>>>(32-13);\r
- u = x11 + x7 | 0;\r
- x15 ^= u<<18 | u>>>(32-18);\r
-\r
- u = x0 + x3 | 0;\r
- x1 ^= u<<7 | u>>>(32-7);\r
- u = x1 + x0 | 0;\r
- x2 ^= u<<9 | u>>>(32-9);\r
- u = x2 + x1 | 0;\r
- x3 ^= u<<13 | u>>>(32-13);\r
- u = x3 + x2 | 0;\r
- x0 ^= u<<18 | u>>>(32-18);\r
-\r
- u = x5 + x4 | 0;\r
- x6 ^= u<<7 | u>>>(32-7);\r
- u = x6 + x5 | 0;\r
- x7 ^= u<<9 | u>>>(32-9);\r
- u = x7 + x6 | 0;\r
- x4 ^= u<<13 | u>>>(32-13);\r
- u = x4 + x7 | 0;\r
- x5 ^= u<<18 | u>>>(32-18);\r
-\r
- u = x10 + x9 | 0;\r
- x11 ^= u<<7 | u>>>(32-7);\r
- u = x11 + x10 | 0;\r
- x8 ^= u<<9 | u>>>(32-9);\r
- u = x8 + x11 | 0;\r
- x9 ^= u<<13 | u>>>(32-13);\r
- u = x9 + x8 | 0;\r
- x10 ^= u<<18 | u>>>(32-18);\r
-\r
- u = x15 + x14 | 0;\r
- x12 ^= u<<7 | u>>>(32-7);\r
- u = x12 + x15 | 0;\r
- x13 ^= u<<9 | u>>>(32-9);\r
- u = x13 + x12 | 0;\r
- x14 ^= u<<13 | u>>>(32-13);\r
- u = x14 + x13 | 0;\r
- x15 ^= u<<18 | u>>>(32-18);\r
- }\r
- x0 = x0 + j0 | 0;\r
- x1 = x1 + j1 | 0;\r
- x2 = x2 + j2 | 0;\r
- x3 = x3 + j3 | 0;\r
- x4 = x4 + j4 | 0;\r
- x5 = x5 + j5 | 0;\r
- x6 = x6 + j6 | 0;\r
- x7 = x7 + j7 | 0;\r
- x8 = x8 + j8 | 0;\r
- x9 = x9 + j9 | 0;\r
- x10 = x10 + j10 | 0;\r
- x11 = x11 + j11 | 0;\r
- x12 = x12 + j12 | 0;\r
- x13 = x13 + j13 | 0;\r
- x14 = x14 + j14 | 0;\r
- x15 = x15 + j15 | 0;\r
-\r
- o[ 0] = x0 >>> 0 & 0xff;\r
- o[ 1] = x0 >>> 8 & 0xff;\r
- o[ 2] = x0 >>> 16 & 0xff;\r
- o[ 3] = x0 >>> 24 & 0xff;\r
-\r
- o[ 4] = x1 >>> 0 & 0xff;\r
- o[ 5] = x1 >>> 8 & 0xff;\r
- o[ 6] = x1 >>> 16 & 0xff;\r
- o[ 7] = x1 >>> 24 & 0xff;\r
-\r
- o[ 8] = x2 >>> 0 & 0xff;\r
- o[ 9] = x2 >>> 8 & 0xff;\r
- o[10] = x2 >>> 16 & 0xff;\r
- o[11] = x2 >>> 24 & 0xff;\r
-\r
- o[12] = x3 >>> 0 & 0xff;\r
- o[13] = x3 >>> 8 & 0xff;\r
- o[14] = x3 >>> 16 & 0xff;\r
- o[15] = x3 >>> 24 & 0xff;\r
-\r
- o[16] = x4 >>> 0 & 0xff;\r
- o[17] = x4 >>> 8 & 0xff;\r
- o[18] = x4 >>> 16 & 0xff;\r
- o[19] = x4 >>> 24 & 0xff;\r
-\r
- o[20] = x5 >>> 0 & 0xff;\r
- o[21] = x5 >>> 8 & 0xff;\r
- o[22] = x5 >>> 16 & 0xff;\r
- o[23] = x5 >>> 24 & 0xff;\r
-\r
- o[24] = x6 >>> 0 & 0xff;\r
- o[25] = x6 >>> 8 & 0xff;\r
- o[26] = x6 >>> 16 & 0xff;\r
- o[27] = x6 >>> 24 & 0xff;\r
-\r
- o[28] = x7 >>> 0 & 0xff;\r
- o[29] = x7 >>> 8 & 0xff;\r
- o[30] = x7 >>> 16 & 0xff;\r
- o[31] = x7 >>> 24 & 0xff;\r
-\r
- o[32] = x8 >>> 0 & 0xff;\r
- o[33] = x8 >>> 8 & 0xff;\r
- o[34] = x8 >>> 16 & 0xff;\r
- o[35] = x8 >>> 24 & 0xff;\r
-\r
- o[36] = x9 >>> 0 & 0xff;\r
- o[37] = x9 >>> 8 & 0xff;\r
- o[38] = x9 >>> 16 & 0xff;\r
- o[39] = x9 >>> 24 & 0xff;\r
-\r
- o[40] = x10 >>> 0 & 0xff;\r
- o[41] = x10 >>> 8 & 0xff;\r
- o[42] = x10 >>> 16 & 0xff;\r
- o[43] = x10 >>> 24 & 0xff;\r
-\r
- o[44] = x11 >>> 0 & 0xff;\r
- o[45] = x11 >>> 8 & 0xff;\r
- o[46] = x11 >>> 16 & 0xff;\r
- o[47] = x11 >>> 24 & 0xff;\r
-\r
- o[48] = x12 >>> 0 & 0xff;\r
- o[49] = x12 >>> 8 & 0xff;\r
- o[50] = x12 >>> 16 & 0xff;\r
- o[51] = x12 >>> 24 & 0xff;\r
-\r
- o[52] = x13 >>> 0 & 0xff;\r
- o[53] = x13 >>> 8 & 0xff;\r
- o[54] = x13 >>> 16 & 0xff;\r
- o[55] = x13 >>> 24 & 0xff;\r
-\r
- o[56] = x14 >>> 0 & 0xff;\r
- o[57] = x14 >>> 8 & 0xff;\r
- o[58] = x14 >>> 16 & 0xff;\r
- o[59] = x14 >>> 24 & 0xff;\r
-\r
- o[60] = x15 >>> 0 & 0xff;\r
- o[61] = x15 >>> 8 & 0xff;\r
- o[62] = x15 >>> 16 & 0xff;\r
- o[63] = x15 >>> 24 & 0xff;\r
- }\r
-\r
- function core_hsalsa20(o,p,k,c) {\r
- var j0 = c[ 0] & 0xff | (c[ 1] & 0xff)<<8 | (c[ 2] & 0xff)<<16 | (c[ 3] & 0xff)<<24,\r
- j1 = k[ 0] & 0xff | (k[ 1] & 0xff)<<8 | (k[ 2] & 0xff)<<16 | (k[ 3] & 0xff)<<24,\r
- j2 = k[ 4] & 0xff | (k[ 5] & 0xff)<<8 | (k[ 6] & 0xff)<<16 | (k[ 7] & 0xff)<<24,\r
- j3 = k[ 8] & 0xff | (k[ 9] & 0xff)<<8 | (k[10] & 0xff)<<16 | (k[11] & 0xff)<<24,\r
- j4 = k[12] & 0xff | (k[13] & 0xff)<<8 | (k[14] & 0xff)<<16 | (k[15] & 0xff)<<24,\r
- j5 = c[ 4] & 0xff | (c[ 5] & 0xff)<<8 | (c[ 6] & 0xff)<<16 | (c[ 7] & 0xff)<<24,\r
- j6 = p[ 0] & 0xff | (p[ 1] & 0xff)<<8 | (p[ 2] & 0xff)<<16 | (p[ 3] & 0xff)<<24,\r
- j7 = p[ 4] & 0xff | (p[ 5] & 0xff)<<8 | (p[ 6] & 0xff)<<16 | (p[ 7] & 0xff)<<24,\r
- j8 = p[ 8] & 0xff | (p[ 9] & 0xff)<<8 | (p[10] & 0xff)<<16 | (p[11] & 0xff)<<24,\r
- j9 = p[12] & 0xff | (p[13] & 0xff)<<8 | (p[14] & 0xff)<<16 | (p[15] & 0xff)<<24,\r
- j10 = c[ 8] & 0xff | (c[ 9] & 0xff)<<8 | (c[10] & 0xff)<<16 | (c[11] & 0xff)<<24,\r
- j11 = k[16] & 0xff | (k[17] & 0xff)<<8 | (k[18] & 0xff)<<16 | (k[19] & 0xff)<<24,\r
- j12 = k[20] & 0xff | (k[21] & 0xff)<<8 | (k[22] & 0xff)<<16 | (k[23] & 0xff)<<24,\r
- j13 = k[24] & 0xff | (k[25] & 0xff)<<8 | (k[26] & 0xff)<<16 | (k[27] & 0xff)<<24,\r
- j14 = k[28] & 0xff | (k[29] & 0xff)<<8 | (k[30] & 0xff)<<16 | (k[31] & 0xff)<<24,\r
- j15 = c[12] & 0xff | (c[13] & 0xff)<<8 | (c[14] & 0xff)<<16 | (c[15] & 0xff)<<24;\r
-\r
- var x0 = j0, x1 = j1, x2 = j2, x3 = j3, x4 = j4, x5 = j5, x6 = j6, x7 = j7,\r
- x8 = j8, x9 = j9, x10 = j10, x11 = j11, x12 = j12, x13 = j13, x14 = j14,\r
- x15 = j15, u;\r
-\r
- for (var i = 0; i < 20; i += 2) {\r
- u = x0 + x12 | 0;\r
- x4 ^= u<<7 | u>>>(32-7);\r
- u = x4 + x0 | 0;\r
- x8 ^= u<<9 | u>>>(32-9);\r
- u = x8 + x4 | 0;\r
- x12 ^= u<<13 | u>>>(32-13);\r
- u = x12 + x8 | 0;\r
- x0 ^= u<<18 | u>>>(32-18);\r
-\r
- u = x5 + x1 | 0;\r
- x9 ^= u<<7 | u>>>(32-7);\r
- u = x9 + x5 | 0;\r
- x13 ^= u<<9 | u>>>(32-9);\r
- u = x13 + x9 | 0;\r
- x1 ^= u<<13 | u>>>(32-13);\r
- u = x1 + x13 | 0;\r
- x5 ^= u<<18 | u>>>(32-18);\r
-\r
- u = x10 + x6 | 0;\r
- x14 ^= u<<7 | u>>>(32-7);\r
- u = x14 + x10 | 0;\r
- x2 ^= u<<9 | u>>>(32-9);\r
- u = x2 + x14 | 0;\r
- x6 ^= u<<13 | u>>>(32-13);\r
- u = x6 + x2 | 0;\r
- x10 ^= u<<18 | u>>>(32-18);\r
-\r
- u = x15 + x11 | 0;\r
- x3 ^= u<<7 | u>>>(32-7);\r
- u = x3 + x15 | 0;\r
- x7 ^= u<<9 | u>>>(32-9);\r
- u = x7 + x3 | 0;\r
- x11 ^= u<<13 | u>>>(32-13);\r
- u = x11 + x7 | 0;\r
- x15 ^= u<<18 | u>>>(32-18);\r
-\r
- u = x0 + x3 | 0;\r
- x1 ^= u<<7 | u>>>(32-7);\r
- u = x1 + x0 | 0;\r
- x2 ^= u<<9 | u>>>(32-9);\r
- u = x2 + x1 | 0;\r
- x3 ^= u<<13 | u>>>(32-13);\r
- u = x3 + x2 | 0;\r
- x0 ^= u<<18 | u>>>(32-18);\r
-\r
- u = x5 + x4 | 0;\r
- x6 ^= u<<7 | u>>>(32-7);\r
- u = x6 + x5 | 0;\r
- x7 ^= u<<9 | u>>>(32-9);\r
- u = x7 + x6 | 0;\r
- x4 ^= u<<13 | u>>>(32-13);\r
- u = x4 + x7 | 0;\r
- x5 ^= u<<18 | u>>>(32-18);\r
-\r
- u = x10 + x9 | 0;\r
- x11 ^= u<<7 | u>>>(32-7);\r
- u = x11 + x10 | 0;\r
- x8 ^= u<<9 | u>>>(32-9);\r
- u = x8 + x11 | 0;\r
- x9 ^= u<<13 | u>>>(32-13);\r
- u = x9 + x8 | 0;\r
- x10 ^= u<<18 | u>>>(32-18);\r
-\r
- u = x15 + x14 | 0;\r
- x12 ^= u<<7 | u>>>(32-7);\r
- u = x12 + x15 | 0;\r
- x13 ^= u<<9 | u>>>(32-9);\r
- u = x13 + x12 | 0;\r
- x14 ^= u<<13 | u>>>(32-13);\r
- u = x14 + x13 | 0;\r
- x15 ^= u<<18 | u>>>(32-18);\r
- }\r
-\r
- o[ 0] = x0 >>> 0 & 0xff;\r
- o[ 1] = x0 >>> 8 & 0xff;\r
- o[ 2] = x0 >>> 16 & 0xff;\r
- o[ 3] = x0 >>> 24 & 0xff;\r
-\r
- o[ 4] = x5 >>> 0 & 0xff;\r
- o[ 5] = x5 >>> 8 & 0xff;\r
- o[ 6] = x5 >>> 16 & 0xff;\r
- o[ 7] = x5 >>> 24 & 0xff;\r
-\r
- o[ 8] = x10 >>> 0 & 0xff;\r
- o[ 9] = x10 >>> 8 & 0xff;\r
- o[10] = x10 >>> 16 & 0xff;\r
- o[11] = x10 >>> 24 & 0xff;\r
-\r
- o[12] = x15 >>> 0 & 0xff;\r
- o[13] = x15 >>> 8 & 0xff;\r
- o[14] = x15 >>> 16 & 0xff;\r
- o[15] = x15 >>> 24 & 0xff;\r
-\r
- o[16] = x6 >>> 0 & 0xff;\r
- o[17] = x6 >>> 8 & 0xff;\r
- o[18] = x6 >>> 16 & 0xff;\r
- o[19] = x6 >>> 24 & 0xff;\r
-\r
- o[20] = x7 >>> 0 & 0xff;\r
- o[21] = x7 >>> 8 & 0xff;\r
- o[22] = x7 >>> 16 & 0xff;\r
- o[23] = x7 >>> 24 & 0xff;\r
-\r
- o[24] = x8 >>> 0 & 0xff;\r
- o[25] = x8 >>> 8 & 0xff;\r
- o[26] = x8 >>> 16 & 0xff;\r
- o[27] = x8 >>> 24 & 0xff;\r
-\r
- o[28] = x9 >>> 0 & 0xff;\r
- o[29] = x9 >>> 8 & 0xff;\r
- o[30] = x9 >>> 16 & 0xff;\r
- o[31] = x9 >>> 24 & 0xff;\r
- }\r
-\r
- function crypto_core_salsa20(out,inp,k,c) {\r
- core_salsa20(out,inp,k,c);\r
- }\r
-\r
- function crypto_core_hsalsa20(out,inp,k,c) {\r
- core_hsalsa20(out,inp,k,c);\r
- }\r
-\r
- var sigma = new Uint8Array([101, 120, 112, 97, 110, 100, 32, 51, 50, 45, 98, 121, 116, 101, 32, 107]);\r
- // "expand 32-byte k"\r
-\r
- function crypto_stream_salsa20_xor(c,cpos,m,mpos,b,n,k) {\r
- var z = new Uint8Array(16), x = new Uint8Array(64);\r
- var u, i;\r
- for (i = 0; i < 16; i++) z[i] = 0;\r
- for (i = 0; i < 8; i++) z[i] = n[i];\r
- while (b >= 64) {\r
- crypto_core_salsa20(x,z,k,sigma);\r
- for (i = 0; i < 64; i++) c[cpos+i] = m[mpos+i] ^ x[i];\r
- u = 1;\r
- for (i = 8; i < 16; i++) {\r
- u = u + (z[i] & 0xff) | 0;\r
- z[i] = u & 0xff;\r
- u >>>= 8;\r
- }\r
- b -= 64;\r
- cpos += 64;\r
- mpos += 64;\r
- }\r
- if (b > 0) {\r
- crypto_core_salsa20(x,z,k,sigma);\r
- for (i = 0; i < b; i++) c[cpos+i] = m[mpos+i] ^ x[i];\r
- }\r
- return 0;\r
- }\r
-\r
- function crypto_stream_salsa20(c,cpos,b,n,k) {\r
- var z = new Uint8Array(16), x = new Uint8Array(64);\r
- var u, i;\r
- for (i = 0; i < 16; i++) z[i] = 0;\r
- for (i = 0; i < 8; i++) z[i] = n[i];\r
- while (b >= 64) {\r
- crypto_core_salsa20(x,z,k,sigma);\r
- for (i = 0; i < 64; i++) c[cpos+i] = x[i];\r
- u = 1;\r
- for (i = 8; i < 16; i++) {\r
- u = u + (z[i] & 0xff) | 0;\r
- z[i] = u & 0xff;\r
- u >>>= 8;\r
- }\r
- b -= 64;\r
- cpos += 64;\r
- }\r
- if (b > 0) {\r
- crypto_core_salsa20(x,z,k,sigma);\r
- for (i = 0; i < b; i++) c[cpos+i] = x[i];\r
- }\r
- return 0;\r
- }\r
-\r
- function crypto_stream(c,cpos,d,n,k) {\r
- var s = new Uint8Array(32);\r
- crypto_core_hsalsa20(s,n,k,sigma);\r
- var sn = new Uint8Array(8);\r
- for (var i = 0; i < 8; i++) sn[i] = n[i+16];\r
- return crypto_stream_salsa20(c,cpos,d,sn,s);\r
- }\r
-\r
- function crypto_stream_xor(c,cpos,m,mpos,d,n,k) {\r
- var s = new Uint8Array(32);\r
- crypto_core_hsalsa20(s,n,k,sigma);\r
- var sn = new Uint8Array(8);\r
- for (var i = 0; i < 8; i++) sn[i] = n[i+16];\r
- return crypto_stream_salsa20_xor(c,cpos,m,mpos,d,sn,s);\r
- }\r
-\r
/*\r
* Port of Andrew Moon's Poly1305-donna-16. Public domain.\r
* https://github.com/floodyberry/poly1305-donna\r
}\r
};\r
\r
- function crypto_onetimeauth(out, outpos, m, mpos, n, k) {\r
- var s = new poly1305(k);\r
- s.update(m, mpos, n);\r
- s.finish(out, outpos);\r
- return 0;\r
- }\r
-\r
- function crypto_onetimeauth_verify(h, hpos, m, mpos, n, k) {\r
- var x = new Uint8Array(16);\r
- crypto_onetimeauth(x,0,m,mpos,n,k);\r
- return crypto_verify_16(h,hpos,x,0);\r
- }\r
-\r
- function crypto_secretbox(c,m,d,n,k) {\r
- var i;\r
- if (d < 32) return -1;\r
- crypto_stream_xor(c,0,m,0,d,n,k);\r
- crypto_onetimeauth(c, 16, c, 32, d - 32, c);\r
- for (i = 0; i < 16; i++) c[i] = 0;\r
- return 0;\r
- }\r
-\r
- function crypto_secretbox_open(m,c,d,n,k) {\r
- var i;\r
- var x = new Uint8Array(32);\r
- if (d < 32) return -1;\r
- crypto_stream(x,0,32,n,k);\r
- if (crypto_onetimeauth_verify(c, 16,c, 32,d - 32,x) !== 0) return -1;\r
- crypto_stream_xor(m,0,c,0,d,n,k);\r
- for (i = 0; i < 32; i++) m[i] = 0;\r
- return 0;\r
- }\r
-\r
function set25519(r, a) {\r
var i;\r
for (i = 0; i < 16; i++) r[i] = a[i]|0;\r
for (a = 0; a < 16; a++) o[a] = c[a];\r
}\r
\r
- function crypto_scalarmult(q, n, p) {\r
- var z = new Uint8Array(32);\r
- var x = new Float64Array(80), r, i;\r
- var a = gf(), b = gf(), c = gf(),\r
- d = gf(), e = gf(), f = gf();\r
- for (i = 0; i < 31; i++) z[i] = n[i];\r
- z[31]=(n[31]&127)|64;\r
- z[0]&=248;\r
- unpack25519(x,p);\r
- for (i = 0; i < 16; i++) {\r
- b[i]=x[i];\r
- d[i]=a[i]=c[i]=0;\r
- }\r
- a[0]=d[0]=1;\r
- for (i=254; i>=0; --i) {\r
- r=(z[i>>>3]>>>(i&7))&1;\r
- sel25519(a,b,r);\r
- sel25519(c,d,r);\r
- A(e,a,c);\r
- Z(a,a,c);\r
- A(c,b,d);\r
- Z(b,b,d);\r
- S(d,e);\r
- S(f,a);\r
- M(a,c,a);\r
- M(c,b,e);\r
- A(e,a,c);\r
- Z(a,a,c);\r
- S(b,a);\r
- Z(c,d,f);\r
- M(a,c,_121665);\r
- A(a,a,d);\r
- M(c,c,a);\r
- M(a,d,f);\r
- M(d,b,x);\r
- S(b,e);\r
- sel25519(a,b,r);\r
- sel25519(c,d,r);\r
- }\r
- for (i = 0; i < 16; i++) {\r
- x[i+16]=a[i];\r
- x[i+32]=c[i];\r
- x[i+48]=b[i];\r
- x[i+64]=d[i];\r
- }\r
- var x32 = x.subarray(32);\r
- var x16 = x.subarray(16);\r
- inv25519(x32,x32);\r
- M(x16,x16,x32);\r
- pack25519(q,x16);\r
- return 0;\r
- }\r
-\r
- function crypto_scalarmult_base(q, n) {\r
- return crypto_scalarmult(q, n, _9);\r
- }\r
-\r
- function crypto_box_keypair(y, x) {\r
- randombytes(x, 32);\r
- return crypto_scalarmult_base(y, x);\r
- }\r
-\r
- function crypto_box_beforenm(k, y, x) {\r
- var s = new Uint8Array(32);\r
- crypto_scalarmult(s, x, y);\r
- return crypto_core_hsalsa20(k, _0, s, sigma);\r
- }\r
-\r
- var crypto_box_afternm = crypto_secretbox;\r
- var crypto_box_open_afternm = crypto_secretbox_open;\r
-\r
- function crypto_box(c, m, d, n, y, x) {\r
- var k = new Uint8Array(32);\r
- crypto_box_beforenm(k, y, x);\r
- return crypto_box_afternm(c, m, d, n, k);\r
- }\r
-\r
- function crypto_box_open(m, c, d, n, y, x) {\r
- var k = new Uint8Array(32);\r
- crypto_box_beforenm(k, y, x);\r
- return crypto_box_open_afternm(m, c, d, n, k);\r
- }\r
-\r
var K = [\r
0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd,\r
0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc,\r
projects / libnemo.git / commitdiff