From ff28f5a8886983dc9523c8fad6a826b3ecfca6b6 Mon Sep 17 00:00:00 2001 From: Christophe Diederichs Date: Mon, 4 May 2020 20:49:21 +0200 Subject: [PATCH] module: crypto_scalarmult --- crypto_scalarmult.js | 82 ++++++++++++++++++++++++++++++++++++++++++++ index.js | 66 +---------------------------------- 2 files changed, 83 insertions(+), 65 deletions(-) create mode 100644 crypto_scalarmult.js diff --git a/crypto_scalarmult.js b/crypto_scalarmult.js new file mode 100644 index 0000000..16c43ed --- /dev/null +++ b/crypto_scalarmult.js @@ -0,0 +1,82 @@ +module.exports = { + crypto_scalarmult, + crypto_scalarmult_base, + crypto_scalarmult_BYTES, + crypto_scalarmult_SCALARBYTES +} + +function crypto_scalarmult(q, n, p) { + check(q, crypto_scalarmult_BYTES) + check(n, crypto_scalarmult_SCALARBYTES) + check(p, crypto_scalarmult_BYTES) + var z = new Uint8Array(32); + var x = new Float64Array(80), r, i; + var a = gf(), b = gf(), c = gf(), + d = gf(), e = gf(), f = gf(); + for (i = 0; i < 31; i++) z[i] = n[i]; + z[31]=(n[31]&127)|64; + z[0]&=248; + unpack25519(x,p); + for (i = 0; i < 16; i++) { + b[i]=x[i]; + d[i]=a[i]=c[i]=0; + } + a[0]=d[0]=1; + for (i=254; i>=0; --i) { + r=(z[i>>>3]>>>(i&7))&1; + sel25519(a,b,r); + sel25519(c,d,r); + A(e,a,c); + Z(a,a,c); + A(c,b,d); + Z(b,b,d); + S(d,e); + S(f,a); + M(a,c,a); + M(c,b,e); + A(e,a,c); + Z(a,a,c); + S(b,a); + Z(c,d,f); + M(a,c,_121665); + A(a,a,d); + M(c,c,a); + M(a,d,f); + M(d,b,x); + S(b,e); + sel25519(a,b,r); + sel25519(c,d,r); + } + for (i = 0; i < 16; i++) { + x[i+16]=a[i]; + x[i+32]=c[i]; + x[i+48]=b[i]; + x[i+64]=d[i]; + } + var x32 = x.subarray(32); + var x16 = x.subarray(16); + inv25519(x32,x32); + M(x16,x16,x32); + pack25519(q,x16); + return 0; +} + +module.exports = { + crypto_scalarmult_base, + crypto_scalarmult_base, + crypto_scalarmult_BYTES, + crypto_scalarmult_SCALARBYTES +} + +function crypto_scalarmult_base(q, n) { + return crypto_scalarmult(q, n, _9); +} + +function check (buf, len) { + if (!buf || (len && buf.length < len)) throw new Error('Argument must be a buffer' + (len ? ' of length ' + len : '')) +} + +var crypto_scalarmult_BYTES, + crypto_scalarmult_SCALARBYTES = 32, + crypto_scalarmult_BYTES, + crypto_scalarmult_SCALARBYTES = 32 diff --git a/index.js b/index.js index cd90dbd..00de9b6 100644 --- a/index.js +++ b/index.js @@ -75,65 +75,6 @@ function pow2523(o, i) { for (a = 0; a < 16; a++) o[a] = c[a]; } -function crypto_scalarmult(q, n, p) { - check(q, crypto_scalarmult_BYTES) - check(n, crypto_scalarmult_SCALARBYTES) - check(p, crypto_scalarmult_BYTES) - var z = new Uint8Array(32); - var x = new Float64Array(80), r, i; - var a = gf(), b = gf(), c = gf(), - d = gf(), e = gf(), f = gf(); - for (i = 0; i < 31; i++) z[i] = n[i]; - z[31]=(n[31]&127)|64; - z[0]&=248; - unpack25519(x,p); - for (i = 0; i < 16; i++) { - b[i]=x[i]; - d[i]=a[i]=c[i]=0; - } - a[0]=d[0]=1; - for (i=254; i>=0; --i) { - r=(z[i>>>3]>>>(i&7))&1; - sel25519(a,b,r); - sel25519(c,d,r); - A(e,a,c); - Z(a,a,c); - A(c,b,d); - Z(b,b,d); - S(d,e); - S(f,a); - M(a,c,a); - M(c,b,e); - A(e,a,c); - Z(a,a,c); - S(b,a); - Z(c,d,f); - M(a,c,_121665); - A(a,a,d); - M(c,c,a); - M(a,d,f); - M(d,b,x); - S(b,e); - sel25519(a,b,r); - sel25519(c,d,r); - } - for (i = 0; i < 16; i++) { - x[i+16]=a[i]; - x[i+32]=c[i]; - x[i+48]=b[i]; - x[i+64]=d[i]; - } - var x32 = x.subarray(32); - var x16 = x.subarray(16); - inv25519(x32,x32); - M(x16,x16,x32); - pack25519(q,x16); - return 0; -} - -function crypto_scalarmult_base(q, n) { - return crypto_scalarmult(q, n, _9); -} var K = [ 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd, @@ -939,8 +880,6 @@ var crypto_secretbox_KEYBYTES = 32, crypto_secretbox_NONCEBYTES = 24, crypto_secretbox_ZEROBYTES = 32, crypto_secretbox_BOXZEROBYTES = 16, - crypto_scalarmult_BYTES = 32, - crypto_scalarmult_SCALARBYTES = 32, crypto_box_PUBLICKEYBYTES = 32, crypto_box_SECRETKEYBYTES = 32, crypto_box_BEFORENMBYTES = 32, @@ -976,10 +915,6 @@ forward(require('./crypto_shorthash')) forward(require('./randombytes')) forward(require('./crypto_stream')) -sodium.crypto_scalarmult_BYTES = crypto_scalarmult_BYTES -sodium.crypto_scalarmult_SCALARBYTES = crypto_scalarmult_SCALARBYTES -sodium.crypto_scalarmult_base = crypto_scalarmult_base -sodium.crypto_scalarmult = crypto_scalarmult sodium.crypto_secretbox_KEYBYTES = crypto_secretbox_KEYBYTES, sodium.crypto_secretbox_NONCEBYTES = crypto_secretbox_NONCEBYTES, @@ -1005,6 +940,7 @@ function cleanup(arr) { for (var i = 0; i < arr.length; i++) arr[i] = 0; } +forward(require('./crypto_scalarmult')) forward(require('./crypto_stream')) function forward (submodule) {