sodium-javascript/crypto_secretbox.js

/* eslint-disable camelcase */
const { crypto_stream, crypto_stream_xor } = require('./crypto_stream')
const { crypto_onetimeauth, crypto_onetimeauth_verify } = require('./crypto_onetimeauth')

const crypto_secretbox_KEYBYTES = 32
const crypto_secretbox_NONCEBYTES = 24
const crypto_secretbox_ZEROBYTES = 32
const crypto_secretbox_BOXZEROBYTES = 16
const crypto_secretbox_MACBYTES = 1

module.exports = {
  crypto_secretbox,
  crypto_secretbox_open,
  crypto_secretbox_detached,
  crypto_secretbox_open_detached,
  crypto_secretbox_easy,
  crypto_secretbox_open_easy,
  crypto_secretbox_KEYBYTES,
  crypto_secretbox_NONCEBYTES,
  crypto_secretbox_ZEROBYTES,
  crypto_secretbox_BOXZEROBYTES,
  crypto_secretbox_MACBYTES
}

function crypto_secretbox (c, m, d, n, k) {
  var i
  if (d < 32) return -1
  crypto_stream_xor(c, m, n, k)
  crypto_onetimeauth(c, 16, c, 32, d - 32, c)
  for (i = 0; i < 16; i++) c[i] = 0
  return 0
}

function crypto_secretbox_open (m, c, d, n, k) {
  var i
  var x = new Uint8Array(32)
  if (d < 32) return -1
  crypto_stream(x, n, k)
  if (crypto_onetimeauth_verify(c, 16, c, 32, d - 32, x) !== 0) return -1
  crypto_stream_xor(m, c, n, k)
  for (i = 0; i < 32; i++) m[i] = 0
  return 0
}

function crypto_secretbox_detached (o, mac, msg, n, k) {
  check(mac, crypto_secretbox_MACBYTES)
  var tmp = new Uint8Array(msg.length + mac.length)
  crypto_secretbox_easy(tmp, msg, n, k)
  o.set(tmp.subarray(0, msg.length))
  mac.set(tmp.subarray(msg.length))
}

function crypto_secretbox_open_detached (msg, o, mac, n, k) {
  check(mac, crypto_secretbox_MACBYTES)
  var tmp = new Uint8Array(o.length + mac.length)
  tmp.set(o)
  tmp.set(mac, msg.length)
  return crypto_secretbox_open_easy(msg, tmp, n, k)
}

function crypto_secretbox_easy (o, msg, n, k) {
  check(msg, 0)
  check(o, msg.length + crypto_secretbox_MACBYTES)
  check(n, crypto_secretbox_NONCEBYTES)
  check(k, crypto_secretbox_KEYBYTES)

  var i
  var m = new Uint8Array(crypto_secretbox_ZEROBYTES + msg.length)
  var c = new Uint8Array(m.length)
  for (i = 0; i < msg.length; i++) m[i + crypto_secretbox_ZEROBYTES] = msg[i]
  crypto_secretbox(c, m, m.length, n, k)
  for (i = crypto_secretbox_BOXZEROBYTES; i < c.length; i++) o[i - crypto_secretbox_BOXZEROBYTES] = c[i]
}

function crypto_secretbox_open_easy (msg, box, n, k) {
  check(box, crypto_secretbox_MACBYTES)
  check(msg, box.length - crypto_secretbox_MACBYTES)
  check(n, crypto_secretbox_NONCEBYTES)
  check(k, crypto_secretbox_KEYBYTES)

  var i
  var c = new Uint8Array(crypto_secretbox_BOXZEROBYTES + box.length)
  var m = new Uint8Array(c.length)
  for (i = 0; i < box.length; i++) c[i + crypto_secretbox_BOXZEROBYTES] = box[i]
  if (c.length < 32) return false
  if (crypto_secretbox_open(m, c, c.length, n, k) !== 0) return false

  for (i = crypto_secretbox_ZEROBYTES; i < m.length; i++) msg[i - crypto_secretbox_ZEROBYTES] = m[i]
  return true
}

function check (buf, len) {
  if (!buf || (len && buf.length < len)) throw new Error('Argument must be a buffer' + (len ? ' of length ' + len : ''))
}
Make linter happy 2020-06-24 12:08:55 +00:00			`/* eslint-disable camelcase */`
			`const { crypto_stream, crypto_stream_xor } = require('./crypto_stream')`
			`const { crypto_onetimeauth, crypto_onetimeauth_verify } = require('./crypto_onetimeauth')`
Split library into modules (#20) * crypto_stream: signature change needed to modularise * move ed25519 arithmetic to separate module * module: poly1305 * module: crypto_scalarmult * module: crypto_hash * module: crypto_sign * module: crypto_secretbox * move verify functions to crypto_verify module * leftover crypto_stream functions * module: crypto_onetimeauth * module: crypto_box * tidy up * require ed25519.js * update: crypto_hash * add chacha20; align API with PR#21 * update sha512 to wasm module * fix bugs in crypto_sign * be standard * add: crypto_box_seed_keypair; alias crypto_kx methods to crypto_box * scalarmult: import curve methods; be standard * correction: crypto_kx is not actually an alias of crypto_box * export _9 constant field element * add: crypto_box_seed_keypair * removed duplicate module.exports declaraion * declare constants about exports * rename memzero -> sodium-memzero * update sodium_memzero function to arr.fill(0) * tidy: remove legacy functions * added: crypto_aead_chacha20poly1305_ietf methods * listen to linter * add assertions * chacha: readUint32Le generalised for uint8array; aead: standard fix * add null check on ad param * added: sodium_memcmp * export sodium_memcmp * export crypto_verify module * sodium_memcmp returns boolean * added: sodium_is_zero * catch syntax error * throw if crypto_aead cannot validate, fix typo in crypto_verify * move chacha20 alg to external module * use Uint8Arrays instead of buffers * change checks to assertions * bump to chacha 1.0.3 - remove Buffer dependency * reduce code branching, align return values with sodium-native * add sha-wasm deps to package.json * standard fixes * bump chacha20 to 1.0.4: remove Buffer dep * move crypto_hash_sha256 to module to uncouple wasm dependencies * add endian check: all other modules require members of this set * correct filename: crypto_hash_sha256 * export constant: crypto_hash_sha512_BYTES 2020-06-18 15:09:03 +00:00
Make linter happy 2020-06-24 12:08:55 +00:00			`const crypto_secretbox_KEYBYTES = 32`
			`const crypto_secretbox_NONCEBYTES = 24`
			`const crypto_secretbox_ZEROBYTES = 32`
			`const crypto_secretbox_BOXZEROBYTES = 16`
			`const crypto_secretbox_MACBYTES = 1`
Split library into modules (#20) * crypto_stream: signature change needed to modularise * move ed25519 arithmetic to separate module * module: poly1305 * module: crypto_scalarmult * module: crypto_hash * module: crypto_sign * module: crypto_secretbox * move verify functions to crypto_verify module * leftover crypto_stream functions * module: crypto_onetimeauth * module: crypto_box * tidy up * require ed25519.js * update: crypto_hash * add chacha20; align API with PR#21 * update sha512 to wasm module * fix bugs in crypto_sign * be standard * add: crypto_box_seed_keypair; alias crypto_kx methods to crypto_box * scalarmult: import curve methods; be standard * correction: crypto_kx is not actually an alias of crypto_box * export _9 constant field element * add: crypto_box_seed_keypair * removed duplicate module.exports declaraion * declare constants about exports * rename memzero -> sodium-memzero * update sodium_memzero function to arr.fill(0) * tidy: remove legacy functions * added: crypto_aead_chacha20poly1305_ietf methods * listen to linter * add assertions * chacha: readUint32Le generalised for uint8array; aead: standard fix * add null check on ad param * added: sodium_memcmp * export sodium_memcmp * export crypto_verify module * sodium_memcmp returns boolean * added: sodium_is_zero * catch syntax error * throw if crypto_aead cannot validate, fix typo in crypto_verify * move chacha20 alg to external module * use Uint8Arrays instead of buffers * change checks to assertions * bump to chacha 1.0.3 - remove Buffer dependency * reduce code branching, align return values with sodium-native * add sha-wasm deps to package.json * standard fixes * bump chacha20 to 1.0.4: remove Buffer dep * move crypto_hash_sha256 to module to uncouple wasm dependencies * add endian check: all other modules require members of this set * correct filename: crypto_hash_sha256 * export constant: crypto_hash_sha512_BYTES 2020-06-18 15:09:03 +00:00
			`module.exports = {`
			`crypto_secretbox,`
			`crypto_secretbox_open,`
			`crypto_secretbox_detached,`
			`crypto_secretbox_open_detached,`
			`crypto_secretbox_easy,`
			`crypto_secretbox_open_easy,`
			`crypto_secretbox_KEYBYTES,`
			`crypto_secretbox_NONCEBYTES,`
			`crypto_secretbox_ZEROBYTES,`
			`crypto_secretbox_BOXZEROBYTES,`
			`crypto_secretbox_MACBYTES`
			`}`

			`function crypto_secretbox (c, m, d, n, k) {`
			`var i`
			`if (d < 32) return -1`
			`crypto_stream_xor(c, m, n, k)`
			`crypto_onetimeauth(c, 16, c, 32, d - 32, c)`
			`for (i = 0; i < 16; i++) c[i] = 0`
			`return 0`
			`}`

			`function crypto_secretbox_open (m, c, d, n, k) {`
			`var i`
			`var x = new Uint8Array(32)`
			`if (d < 32) return -1`
			`crypto_stream(x, n, k)`
			`if (crypto_onetimeauth_verify(c, 16, c, 32, d - 32, x) !== 0) return -1`
			`crypto_stream_xor(m, c, n, k)`
			`for (i = 0; i < 32; i++) m[i] = 0`
			`return 0`
			`}`

			`function crypto_secretbox_detached (o, mac, msg, n, k) {`
			`check(mac, crypto_secretbox_MACBYTES)`
			`var tmp = new Uint8Array(msg.length + mac.length)`
			`crypto_secretbox_easy(tmp, msg, n, k)`
			`o.set(tmp.subarray(0, msg.length))`
			`mac.set(tmp.subarray(msg.length))`
			`}`

			`function crypto_secretbox_open_detached (msg, o, mac, n, k) {`
			`check(mac, crypto_secretbox_MACBYTES)`
			`var tmp = new Uint8Array(o.length + mac.length)`
			`tmp.set(o)`
			`tmp.set(mac, msg.length)`
			`return crypto_secretbox_open_easy(msg, tmp, n, k)`
			`}`

Make linter happy 2020-06-24 12:08:55 +00:00			`function crypto_secretbox_easy (o, msg, n, k) {`
Split library into modules (#20) * crypto_stream: signature change needed to modularise * move ed25519 arithmetic to separate module * module: poly1305 * module: crypto_scalarmult * module: crypto_hash * module: crypto_sign * module: crypto_secretbox * move verify functions to crypto_verify module * leftover crypto_stream functions * module: crypto_onetimeauth * module: crypto_box * tidy up * require ed25519.js * update: crypto_hash * add chacha20; align API with PR#21 * update sha512 to wasm module * fix bugs in crypto_sign * be standard * add: crypto_box_seed_keypair; alias crypto_kx methods to crypto_box * scalarmult: import curve methods; be standard * correction: crypto_kx is not actually an alias of crypto_box * export _9 constant field element * add: crypto_box_seed_keypair * removed duplicate module.exports declaraion * declare constants about exports * rename memzero -> sodium-memzero * update sodium_memzero function to arr.fill(0) * tidy: remove legacy functions * added: crypto_aead_chacha20poly1305_ietf methods * listen to linter * add assertions * chacha: readUint32Le generalised for uint8array; aead: standard fix * add null check on ad param * added: sodium_memcmp * export sodium_memcmp * export crypto_verify module * sodium_memcmp returns boolean * added: sodium_is_zero * catch syntax error * throw if crypto_aead cannot validate, fix typo in crypto_verify * move chacha20 alg to external module * use Uint8Arrays instead of buffers * change checks to assertions * bump to chacha 1.0.3 - remove Buffer dependency * reduce code branching, align return values with sodium-native * add sha-wasm deps to package.json * standard fixes * bump chacha20 to 1.0.4: remove Buffer dep * move crypto_hash_sha256 to module to uncouple wasm dependencies * add endian check: all other modules require members of this set * correct filename: crypto_hash_sha256 * export constant: crypto_hash_sha512_BYTES 2020-06-18 15:09:03 +00:00			`check(msg, 0)`
			`check(o, msg.length + crypto_secretbox_MACBYTES)`
			`check(n, crypto_secretbox_NONCEBYTES)`
			`check(k, crypto_secretbox_KEYBYTES)`

			`var i`
			`var m = new Uint8Array(crypto_secretbox_ZEROBYTES + msg.length)`
			`var c = new Uint8Array(m.length)`
			`for (i = 0; i < msg.length; i++) m[i + crypto_secretbox_ZEROBYTES] = msg[i]`
			`crypto_secretbox(c, m, m.length, n, k)`
			`for (i = crypto_secretbox_BOXZEROBYTES; i < c.length; i++) o[i - crypto_secretbox_BOXZEROBYTES] = c[i]`
			`}`

Make linter happy 2020-06-24 12:08:55 +00:00			`function crypto_secretbox_open_easy (msg, box, n, k) {`
Split library into modules (#20) * crypto_stream: signature change needed to modularise * move ed25519 arithmetic to separate module * module: poly1305 * module: crypto_scalarmult * module: crypto_hash * module: crypto_sign * module: crypto_secretbox * move verify functions to crypto_verify module * leftover crypto_stream functions * module: crypto_onetimeauth * module: crypto_box * tidy up * require ed25519.js * update: crypto_hash * add chacha20; align API with PR#21 * update sha512 to wasm module * fix bugs in crypto_sign * be standard * add: crypto_box_seed_keypair; alias crypto_kx methods to crypto_box * scalarmult: import curve methods; be standard * correction: crypto_kx is not actually an alias of crypto_box * export _9 constant field element * add: crypto_box_seed_keypair * removed duplicate module.exports declaraion * declare constants about exports * rename memzero -> sodium-memzero * update sodium_memzero function to arr.fill(0) * tidy: remove legacy functions * added: crypto_aead_chacha20poly1305_ietf methods * listen to linter * add assertions * chacha: readUint32Le generalised for uint8array; aead: standard fix * add null check on ad param * added: sodium_memcmp * export sodium_memcmp * export crypto_verify module * sodium_memcmp returns boolean * added: sodium_is_zero * catch syntax error * throw if crypto_aead cannot validate, fix typo in crypto_verify * move chacha20 alg to external module * use Uint8Arrays instead of buffers * change checks to assertions * bump to chacha 1.0.3 - remove Buffer dependency * reduce code branching, align return values with sodium-native * add sha-wasm deps to package.json * standard fixes * bump chacha20 to 1.0.4: remove Buffer dep * move crypto_hash_sha256 to module to uncouple wasm dependencies * add endian check: all other modules require members of this set * correct filename: crypto_hash_sha256 * export constant: crypto_hash_sha512_BYTES 2020-06-18 15:09:03 +00:00			`check(box, crypto_secretbox_MACBYTES)`
			`check(msg, box.length - crypto_secretbox_MACBYTES)`
			`check(n, crypto_secretbox_NONCEBYTES)`
			`check(k, crypto_secretbox_KEYBYTES)`

			`var i`
			`var c = new Uint8Array(crypto_secretbox_BOXZEROBYTES + box.length)`
			`var m = new Uint8Array(c.length)`
			`for (i = 0; i < box.length; i++) c[i + crypto_secretbox_BOXZEROBYTES] = box[i]`
			`if (c.length < 32) return false`
			`if (crypto_secretbox_open(m, c, c.length, n, k) !== 0) return false`

			`for (i = crypto_secretbox_ZEROBYTES; i < m.length; i++) msg[i - crypto_secretbox_ZEROBYTES] = m[i]`
			`return true`
			`}`

			`function check (buf, len) {`
			`if (!buf \|\| (len && buf.length < len)) throw new Error('Argument must be a buffer' + (len ? ' of length ' + len : ''))`
			`}`