sodium-javascript/crypto_box.js

const { crypto_hash_sha512 } = require('./crypto_hash')
const { memzero } = require('./')

module.exports = {
  crypto_box_keypair,
  crypto_box_seal,
  crypto_box_seal_open,
  crypto_box_PUBLICKEYBYTES,
  crypto_box_SECRETKEYBYTES,
  crypto_box_BEFORENMBYTES,
  crypto_box_NONCEBYTES,
  crypto_box_ZEROBYTES,
  crypto_box_BOXZEROBYTES,
  crypto_box_SEALBYTES,
  crypto_box_BEFORENMBYTES
}

function crypto_box_keypair(pk, sk) {
  check(pk, crypto_box_PUBLICKEYBYTES)
  check(sk, crypto_box_SECRETKEYBYTES)
  randombytes(sk, 32)
  return crypto_scalarmult_base(pk, sk)
}

function crypto_box_seed_keypair(pk, sk, seed) {
  check(pk, crypto_box_PUBLICKEYBYTES)
  check(sk, crypto_box_SECRETKEYBYTES)
  check(sk, crypto_box_SEEDBYTES)

  const hash = Buffer.alloc(64)
  crypto_hash_sha512(hash, seed, 32)
  sk.set(hash, 0, 0, 32)
  memzero(hash)

  return crypto_scalarmult_base(pk, sk)
}

function crypto_box_seal(c, m, pk) {
  check(c, crypto_box_SEALBYTES + m.length)
  check(pk, crypto_box_PUBLICKEYBYTES)

  var epk = c.subarray(0, crypto_box_PUBLICKEYBYTES)
  var esk = new Uint8Array(crypto_box_SECRETKEYBYTES)
  crypto_box_keypair(epk, esk)

  var n = new Uint8Array(crypto_box_NONCEBYTES)
  sodium.crypto_generichash_batch(n, [ epk, pk ])

  var s = new Uint8Array(crypto_box_PUBLICKEYBYTES)
  crypto_scalarmult(s, esk, pk)

  var k = new Uint8Array(crypto_box_BEFORENMBYTES)
  var zero = new Uint8Array(16)
  xsalsa20.core_hsalsa20(k, zero, s, xsalsa20.SIGMA)

  crypto_secretbox_easy(c.subarray(epk.length), m, n, k)

  cleanup(esk)
}

function crypto_box_seal_open(m, c, pk, sk) {
  check(c, crypto_box_SEALBYTES)
  check(m, c.length - crypto_box_SEALBYTES)
  check(pk, crypto_box_PUBLICKEYBYTES)
  check(sk, crypto_box_SECRETKEYBYTES)

  var epk = c.subarray(0, crypto_box_PUBLICKEYBYTES)

  var n = new Uint8Array(crypto_box_NONCEBYTES)
  sodium.crypto_generichash_batch(n, [ epk, pk ])

  var s = new Uint8Array(crypto_box_PUBLICKEYBYTES)
  crypto_scalarmult(s, sk, epk)

  var k = new Uint8Array(crypto_box_BEFORENMBYTES)
  var zero = new Uint8Array(16)
  xsalsa20.core_hsalsa20(k, zero, s, xsalsa20.SIGMA)

  return crypto_secretbox_open_easy(m, c.subarray(epk.length), n, k)
}

function check (buf, len) {
  if (!buf || (len && buf.length < len)) throw new Error('Argument must be a buffer' + (len ? ' of length ' + len : ''))
}

var crypto_box_PUBLICKEYBYTES = 32,
    crypto_box_SECRETKEYBYTES = 32,
    crypto_box_BEFORENMBYTES = 32,
    crypto_box_NONCEBYTES = 24,
    crypto_box_ZEROBYTES = 32,
    crypto_box_BOXZEROBYTES = 16,
    crypto_box_SEALBYTES = 48,
    crypto_box_BEFORENMBYTES = 32
add: crypto_box_seed_keypair; alias crypto_kx methods to crypto_box 2020-06-16 12:18:32 +00:00			`const { crypto_hash_sha512 } = require('./crypto_hash')`
			`const { memzero } = require('./')`

module: crypto_box 2020-05-04 19:12:44 +00:00			`module.exports = {`
			`crypto_box_keypair,`
			`crypto_box_seal,`
			`crypto_box_seal_open,`
			`crypto_box_PUBLICKEYBYTES,`
			`crypto_box_SECRETKEYBYTES,`
			`crypto_box_BEFORENMBYTES,`
			`crypto_box_NONCEBYTES,`
			`crypto_box_ZEROBYTES,`
			`crypto_box_BOXZEROBYTES,`
			`crypto_box_SEALBYTES,`
			`crypto_box_BEFORENMBYTES`
			`}`

			`function crypto_box_keypair(pk, sk) {`
			`check(pk, crypto_box_PUBLICKEYBYTES)`
			`check(sk, crypto_box_SECRETKEYBYTES)`
			`randombytes(sk, 32)`
			`return crypto_scalarmult_base(pk, sk)`
			`}`

add: crypto_box_seed_keypair; alias crypto_kx methods to crypto_box 2020-06-16 12:18:32 +00:00			`function crypto_box_seed_keypair(pk, sk, seed) {`
			`check(pk, crypto_box_PUBLICKEYBYTES)`
			`check(sk, crypto_box_SECRETKEYBYTES)`
			`check(sk, crypto_box_SEEDBYTES)`

			`const hash = Buffer.alloc(64)`
			`crypto_hash_sha512(hash, seed, 32)`
			`sk.set(hash, 0, 0, 32)`
			`memzero(hash)`

			`return crypto_scalarmult_base(pk, sk)`
			`}`

module: crypto_box 2020-05-04 19:12:44 +00:00			`function crypto_box_seal(c, m, pk) {`
			`check(c, crypto_box_SEALBYTES + m.length)`
			`check(pk, crypto_box_PUBLICKEYBYTES)`

			`var epk = c.subarray(0, crypto_box_PUBLICKEYBYTES)`
			`var esk = new Uint8Array(crypto_box_SECRETKEYBYTES)`
			`crypto_box_keypair(epk, esk)`

			`var n = new Uint8Array(crypto_box_NONCEBYTES)`
			`sodium.crypto_generichash_batch(n, [ epk, pk ])`

			`var s = new Uint8Array(crypto_box_PUBLICKEYBYTES)`
			`crypto_scalarmult(s, esk, pk)`

			`var k = new Uint8Array(crypto_box_BEFORENMBYTES)`
			`var zero = new Uint8Array(16)`
			`xsalsa20.core_hsalsa20(k, zero, s, xsalsa20.SIGMA)`

			`crypto_secretbox_easy(c.subarray(epk.length), m, n, k)`

			`cleanup(esk)`
			`}`

			`function crypto_box_seal_open(m, c, pk, sk) {`
			`check(c, crypto_box_SEALBYTES)`
			`check(m, c.length - crypto_box_SEALBYTES)`
			`check(pk, crypto_box_PUBLICKEYBYTES)`
			`check(sk, crypto_box_SECRETKEYBYTES)`

			`var epk = c.subarray(0, crypto_box_PUBLICKEYBYTES)`

			`var n = new Uint8Array(crypto_box_NONCEBYTES)`
			`sodium.crypto_generichash_batch(n, [ epk, pk ])`

			`var s = new Uint8Array(crypto_box_PUBLICKEYBYTES)`
			`crypto_scalarmult(s, sk, epk)`

			`var k = new Uint8Array(crypto_box_BEFORENMBYTES)`
			`var zero = new Uint8Array(16)`
			`xsalsa20.core_hsalsa20(k, zero, s, xsalsa20.SIGMA)`

			`return crypto_secretbox_open_easy(m, c.subarray(epk.length), n, k)`
			`}`

			`function check (buf, len) {`
			`if (!buf \|\| (len && buf.length < len)) throw new Error('Argument must be a buffer' + (len ? ' of length ' + len : ''))`
			`}`

			`var crypto_box_PUBLICKEYBYTES = 32,`
			`crypto_box_SECRETKEYBYTES = 32,`
			`crypto_box_BEFORENMBYTES = 32,`
			`crypto_box_NONCEBYTES = 24,`
			`crypto_box_ZEROBYTES = 32,`
			`crypto_box_BOXZEROBYTES = 16,`
			`crypto_box_SEALBYTES = 48,`
			`crypto_box_BEFORENMBYTES = 32`