Make linter happy

This commit is contained in:
Emil Bay 2020-06-24 14:08:55 +02:00
parent 930e77ad32
commit 30c3342156
16 changed files with 262 additions and 248 deletions

View File

@ -1,6 +1,7 @@
/* eslint-disable camelcase */
const { crypto_stream_chacha20_ietf, crypto_stream_chacha20_ietf_xor_ic } = require('./crypto_stream_chacha20') const { crypto_stream_chacha20_ietf, crypto_stream_chacha20_ietf_xor_ic } = require('./crypto_stream_chacha20')
const { crypto_verify_16 } = require('./crypto_verify') const { crypto_verify_16 } = require('./crypto_verify')
const Poly1305 = require('./poly1305.js') const Poly1305 = require('./internal/poly1305')
const assert = require('nanoassert') const assert = require('nanoassert')
const crypto_aead_chacha20poly1305_ietf_KEYBYTES = 32 const crypto_aead_chacha20poly1305_ietf_KEYBYTES = 32

View File

@ -1,3 +1,4 @@
/* eslint-disable camelcase */
const { crypto_hash_sha512 } = require('./crypto_hash') const { crypto_hash_sha512 } = require('./crypto_hash')
const { crypto_scalarmult, crypto_scalarmult_base } = require('./crypto_scalarmult') const { crypto_scalarmult, crypto_scalarmult_base } = require('./crypto_scalarmult')
const { randombytes } = require('./randombytes') const { randombytes } = require('./randombytes')
@ -6,15 +7,14 @@ const { crypto_secretbox_open_easy, crypto_secretbox_easy } = require('./crypto_
const xsalsa20 = require('xsalsa20') const xsalsa20 = require('xsalsa20')
const assert = require('nanoassert') const assert = require('nanoassert')
var crypto_box_PUBLICKEYBYTES = 32, const crypto_box_PUBLICKEYBYTES = 32
crypto_box_SECRETKEYBYTES = 32, const crypto_box_SECRETKEYBYTES = 32
crypto_box_BEFORENMBYTES = 32, const crypto_box_NONCEBYTES = 24
crypto_box_NONCEBYTES = 24, const crypto_box_ZEROBYTES = 32
crypto_box_ZEROBYTES = 32, const crypto_box_BOXZEROBYTES = 16
crypto_box_BOXZEROBYTES = 16, const crypto_box_SEALBYTES = 48
crypto_box_SEALBYTES = 48, const crypto_box_SEEDBYTES = 32
crypto_box_SEEDBYTES = 32, const crypto_box_BEFORENMBYTES = 32
crypto_box_BEFORENMBYTES = 32
module.exports = { module.exports = {
crypto_box_keypair, crypto_box_keypair,
@ -23,7 +23,6 @@ module.exports = {
crypto_box_seal_open, crypto_box_seal_open,
crypto_box_PUBLICKEYBYTES, crypto_box_PUBLICKEYBYTES,
crypto_box_SECRETKEYBYTES, crypto_box_SECRETKEYBYTES,
crypto_box_BEFORENMBYTES,
crypto_box_NONCEBYTES, crypto_box_NONCEBYTES,
crypto_box_ZEROBYTES, crypto_box_ZEROBYTES,
crypto_box_BOXZEROBYTES, crypto_box_BOXZEROBYTES,
@ -32,14 +31,14 @@ module.exports = {
crypto_box_BEFORENMBYTES crypto_box_BEFORENMBYTES
} }
function crypto_box_keypair(pk, sk) { function crypto_box_keypair (pk, sk) {
check(pk, crypto_box_PUBLICKEYBYTES) check(pk, crypto_box_PUBLICKEYBYTES)
check(sk, crypto_box_SECRETKEYBYTES) check(sk, crypto_box_SECRETKEYBYTES)
randombytes(sk, 32) randombytes(sk, 32)
return crypto_scalarmult_base(pk, sk) return crypto_scalarmult_base(pk, sk)
} }
function crypto_box_seed_keypair(pk, sk, seed) { function crypto_box_seed_keypair (pk, sk, seed) {
assert(pk.byteLength === crypto_box_PUBLICKEYBYTES, "pk should be 'crypto_box_PUBLICKEYBYTES' bytes") assert(pk.byteLength === crypto_box_PUBLICKEYBYTES, "pk should be 'crypto_box_PUBLICKEYBYTES' bytes")
assert(sk.byteLength === crypto_box_SECRETKEYBYTES, "sk should be 'crypto_box_SECRETKEYBYTES' bytes") assert(sk.byteLength === crypto_box_SECRETKEYBYTES, "sk should be 'crypto_box_SECRETKEYBYTES' bytes")
assert(sk.byteLength === crypto_box_SEEDBYTES, "sk should be 'crypto_box_SEEDBYTES' bytes") assert(sk.byteLength === crypto_box_SEEDBYTES, "sk should be 'crypto_box_SEEDBYTES' bytes")
@ -52,7 +51,7 @@ function crypto_box_seed_keypair(pk, sk, seed) {
return crypto_scalarmult_base(pk, sk) return crypto_scalarmult_base(pk, sk)
} }
function crypto_box_seal(c, m, pk) { function crypto_box_seal (c, m, pk) {
check(c, crypto_box_SEALBYTES + m.length) check(c, crypto_box_SEALBYTES + m.length)
check(pk, crypto_box_PUBLICKEYBYTES) check(pk, crypto_box_PUBLICKEYBYTES)
@ -61,7 +60,7 @@ function crypto_box_seal(c, m, pk) {
crypto_box_keypair(epk, esk) crypto_box_keypair(epk, esk)
var n = new Uint8Array(crypto_box_NONCEBYTES) var n = new Uint8Array(crypto_box_NONCEBYTES)
crypto_generichash_batch(n, [ epk, pk ]) crypto_generichash_batch(n, [epk, pk])
var s = new Uint8Array(crypto_box_PUBLICKEYBYTES) var s = new Uint8Array(crypto_box_PUBLICKEYBYTES)
crypto_scalarmult(s, esk, pk) crypto_scalarmult(s, esk, pk)
@ -75,7 +74,7 @@ function crypto_box_seal(c, m, pk) {
cleanup(esk) cleanup(esk)
} }
function crypto_box_seal_open(m, c, pk, sk) { function crypto_box_seal_open (m, c, pk, sk) {
check(c, crypto_box_SEALBYTES) check(c, crypto_box_SEALBYTES)
check(m, c.length - crypto_box_SEALBYTES) check(m, c.length - crypto_box_SEALBYTES)
check(pk, crypto_box_PUBLICKEYBYTES) check(pk, crypto_box_PUBLICKEYBYTES)
@ -84,7 +83,7 @@ function crypto_box_seal_open(m, c, pk, sk) {
var epk = c.subarray(0, crypto_box_PUBLICKEYBYTES) var epk = c.subarray(0, crypto_box_PUBLICKEYBYTES)
var n = new Uint8Array(crypto_box_NONCEBYTES) var n = new Uint8Array(crypto_box_NONCEBYTES)
crypto_generichash_batch(n, [ epk, pk ]) crypto_generichash_batch(n, [epk, pk])
var s = new Uint8Array(crypto_box_PUBLICKEYBYTES) var s = new Uint8Array(crypto_box_PUBLICKEYBYTES)
crypto_scalarmult(s, sk, epk) crypto_scalarmult(s, sk, epk)
@ -100,6 +99,6 @@ function check (buf, len) {
if (!buf || (len && buf.length < len)) throw new Error('Argument must be a buffer' + (len ? ' of length ' + len : '')) if (!buf || (len && buf.length < len)) throw new Error('Argument must be a buffer' + (len ? ' of length ' + len : ''))
} }
function cleanup(arr) { function cleanup (arr) {
for (var i = 0; i < arr.length; i++) arr[i] = 0; for (let i = 0; i < arr.length; i++) arr[i] = 0
} }

View File

@ -31,6 +31,6 @@ module.exports.crypto_generichash_instance = function (key, outlen) {
return blake2b(outlen, key) return blake2b(outlen, key)
} }
blake2b.ready(function (err) { blake2b.ready(function (_) {
module.exports.crypto_generichash_WASM_LOADED = blake2b.WASM_LOADED module.exports.crypto_generichash_WASM_LOADED = blake2b.WASM_LOADED
}) })

View File

@ -1,10 +1,11 @@
/* eslint-disable camelcase */
const sha512 = require('sha512-wasm') const sha512 = require('sha512-wasm')
const assert = require('nanoassert') const assert = require('nanoassert')
if (new Uint16Array([1])[0] !== 1) throw new Error('Big endian architecture is not supported.') if (new Uint16Array([1])[0] !== 1) throw new Error('Big endian architecture is not supported.')
var crypto_hash_sha512_BYTES = 64 const crypto_hash_sha512_BYTES = 64
var crypto_hash_BYTES = crypto_hash_sha512_BYTES const crypto_hash_BYTES = crypto_hash_sha512_BYTES
function crypto_hash_sha512 (out, m, n) { function crypto_hash_sha512 (out, m, n) {
assert(out.byteLength === crypto_hash_sha512_BYTES, "out must be 'crypto_hash_sha512_BYTES' bytes long") assert(out.byteLength === crypto_hash_sha512_BYTES, "out must be 'crypto_hash_sha512_BYTES' bytes long")

View File

@ -1,9 +1,10 @@
/* eslint-disable camelcase */
const sha256 = require('sha256-wasm') const sha256 = require('sha256-wasm')
const assert = require('nanoassert') const assert = require('nanoassert')
if (new Uint16Array([1])[0] !== 1) throw new Error('Big endian architecture is not supported.') if (new Uint16Array([1])[0] !== 1) throw new Error('Big endian architecture is not supported.')
var crypto_hash_sha256_BYTES = 32 const crypto_hash_sha256_BYTES = 32
function crypto_hash_sha256 (out, m, n) { function crypto_hash_sha256 (out, m, n) {
assert(out.byteLength === crypto_hash_sha256_BYTES, "out must be 'crypto_hash_sha256_BYTES' bytes long") assert(out.byteLength === crypto_hash_sha256_BYTES, "out must be 'crypto_hash_sha256_BYTES' bytes long")

View File

@ -1,6 +1,7 @@
var assert = require('nanoassert') /* eslint-disable camelcase */
var randombytes_buf = require('./randombytes').randombytes_buf const assert = require('nanoassert')
var blake2b = require('blake2b') const randombytes_buf = require('./randombytes').randombytes_buf
const blake2b = require('blake2b')
module.exports.crypto_kdf_PRIMITIVE = 'blake2b' module.exports.crypto_kdf_PRIMITIVE = 'blake2b'
module.exports.crypto_kdf_BYTES_MIN = 16 module.exports.crypto_kdf_BYTES_MIN = 16
@ -8,7 +9,7 @@ module.exports.crypto_kdf_BYTES_MAX = 64
module.exports.crypto_kdf_CONTEXTBYTES = 8 module.exports.crypto_kdf_CONTEXTBYTES = 8
module.exports.crypto_kdf_KEYBYTES = 32 module.exports.crypto_kdf_KEYBYTES = 32
function STORE64_LE(dest, int) { function STORE64_LE (dest, int) {
var mul = 1 var mul = 1
var i = 0 var i = 0
dest[0] = int & 0xFF dest[0] = int & 0xFF

View File

@ -1,11 +1,12 @@
/* eslint-disable camelcase */
const { crypto_scalarmult_base } = require('./crypto_scalarmult') const { crypto_scalarmult_base } = require('./crypto_scalarmult')
const { crypto_generichash } = require('./crypto_generichash') const { crypto_generichash } = require('./crypto_generichash')
const { randombytes_buf } = require('./randombytes') const { randombytes_buf } = require('./randombytes')
const assert = require('nanoassert') const assert = require('nanoassert')
var crypto_kx_SEEDBYTES = 32 const crypto_kx_SEEDBYTES = 32
var crypto_kx_PUBLICKEYBYTES = 32 const crypto_kx_PUBLICKEYBYTES = 32
var crypto_kx_SECRETKEYBYTES = 32 const crypto_kx_SECRETKEYBYTES = 32
function crypto_kx_keypair (pk, sk) { function crypto_kx_keypair (pk, sk) {
assert(pk.byteLength === crypto_kx_PUBLICKEYBYTES, "pk must be 'crypto_kx_PUBLICKEYBYTES' bytes") assert(pk.byteLength === crypto_kx_PUBLICKEYBYTES, "pk must be 'crypto_kx_PUBLICKEYBYTES' bytes")

View File

@ -1,4 +1,5 @@
const poly1305 = require('./poly1305') /* eslint-disable camelcase */
const Poly1305 = require('./internal/poly1305')
const { crypto_verify_16 } = require('./crypto_verify') const { crypto_verify_16 } = require('./crypto_verify')
module.exports = { module.exports = {
@ -6,15 +7,15 @@ module.exports = {
crypto_onetimeauth_verify crypto_onetimeauth_verify
} }
function crypto_onetimeauth(out, outpos, m, mpos, n, k) { function crypto_onetimeauth (out, outpos, m, mpos, n, k) {
var s = new poly1305(k); var s = new Poly1305(k)
s.update(m, mpos, n); s.update(m, mpos, n)
s.finish(out, outpos); s.finish(out, outpos)
return 0; return 0
} }
function crypto_onetimeauth_verify(h, hpos, m, mpos, n, k) { function crypto_onetimeauth_verify (h, hpos, m, mpos, n, k) {
var x = new Uint8Array(16); var x = new Uint8Array(16)
crypto_onetimeauth(x,0,m,mpos,n,k); crypto_onetimeauth(x, 0, m, mpos, n, k)
return crypto_verify_16(h,hpos,x,0); return crypto_verify_16(h, hpos, x, 0)
} }

View File

@ -1,9 +1,8 @@
const { _9, _121665, gf, inv25519, pack25519, unpack25519, sel25519, A, M, Z, S } = require('./ed25519.js') /* eslint-disable camelcase, one-var */
const { _9, _121665, gf, inv25519, pack25519, unpack25519, sel25519, A, M, Z, S } = require('./internal/ed25519')
var crypto_scalarmult_BYTES = 32 const crypto_scalarmult_BYTES = 32
var crypto_scalarmult_SCALARBYTES = 32 const crypto_scalarmult_SCALARBYTES = 32
var crypto_scalarmult_BYTES = 32
var crypto_scalarmult_SCALARBYTES = 32
module.exports = { module.exports = {
crypto_scalarmult, crypto_scalarmult,

View File

@ -1,11 +1,12 @@
var { crypto_stream, crypto_stream_xor } = require('./crypto_stream') /* eslint-disable camelcase */
var { crypto_onetimeauth, crypto_onetimeauth_verify } = require('./crypto_onetimeauth') const { crypto_stream, crypto_stream_xor } = require('./crypto_stream')
const { crypto_onetimeauth, crypto_onetimeauth_verify } = require('./crypto_onetimeauth')
var crypto_secretbox_KEYBYTES = 32, const crypto_secretbox_KEYBYTES = 32
crypto_secretbox_NONCEBYTES = 24, const crypto_secretbox_NONCEBYTES = 24
crypto_secretbox_ZEROBYTES = 32, const crypto_secretbox_ZEROBYTES = 32
crypto_secretbox_BOXZEROBYTES = 16, const crypto_secretbox_BOXZEROBYTES = 16
crypto_secretbox_MACBYTES = 16 const crypto_secretbox_MACBYTES = 1
module.exports = { module.exports = {
crypto_secretbox, crypto_secretbox,
@ -57,7 +58,7 @@ function crypto_secretbox_open_detached (msg, o, mac, n, k) {
return crypto_secretbox_open_easy(msg, tmp, n, k) return crypto_secretbox_open_easy(msg, tmp, n, k)
} }
function crypto_secretbox_easy(o, msg, n, k) { function crypto_secretbox_easy (o, msg, n, k) {
check(msg, 0) check(msg, 0)
check(o, msg.length + crypto_secretbox_MACBYTES) check(o, msg.length + crypto_secretbox_MACBYTES)
check(n, crypto_secretbox_NONCEBYTES) check(n, crypto_secretbox_NONCEBYTES)
@ -71,7 +72,7 @@ function crypto_secretbox_easy(o, msg, n, k) {
for (i = crypto_secretbox_BOXZEROBYTES; i < c.length; i++) o[i - crypto_secretbox_BOXZEROBYTES] = c[i] for (i = crypto_secretbox_BOXZEROBYTES; i < c.length; i++) o[i - crypto_secretbox_BOXZEROBYTES] = c[i]
} }
function crypto_secretbox_open_easy(msg, box, n, k) { function crypto_secretbox_open_easy (msg, box, n, k) {
check(box, crypto_secretbox_MACBYTES) check(box, crypto_secretbox_MACBYTES)
check(msg, box.length - crypto_secretbox_MACBYTES) check(msg, box.length - crypto_secretbox_MACBYTES)
check(n, crypto_secretbox_NONCEBYTES) check(n, crypto_secretbox_NONCEBYTES)

View File

@ -1,3 +1,4 @@
/* eslint-disable camelcase, one-var */
const { crypto_verify_32 } = require('./crypto_verify') const { crypto_verify_32 } = require('./crypto_verify')
const { crypto_hash } = require('./crypto_hash') const { crypto_hash } = require('./crypto_hash')
const { const {
@ -5,13 +6,13 @@ const {
X, Y, I, A, Z, M, S, X, Y, I, A, Z, M, S,
sel25519, pack25519, sel25519, pack25519,
inv25519, unpack25519 inv25519, unpack25519
} = require('./ed25519') } = require('./internal/ed25519')
const { randombytes } = require('./randombytes') const { randombytes } = require('./randombytes')
const crypto_sign_BYTES = 64, const crypto_sign_BYTES = 64
crypto_sign_PUBLICKEYBYTES = 32, const crypto_sign_PUBLICKEYBYTES = 32
crypto_sign_SECRETKEYBYTES = 64, const crypto_sign_SECRETKEYBYTES = 64
crypto_sign_SEEDBYTES = 32 const crypto_sign_SEEDBYTES = 32
module.exports = { module.exports = {
crypto_sign_keypair, crypto_sign_keypair,
@ -26,107 +27,106 @@ module.exports = {
crypto_sign_SEEDBYTES crypto_sign_SEEDBYTES
} }
function set25519(r, a) { function set25519 (r, a) {
var i; for (let i = 0; i < 16; i++) r[i] = a[i] | 0
for (i = 0; i < 16; i++) r[i] = a[i]|0;
} }
function pow2523(o, i) { function pow2523 (o, i) {
var c = gf(); var c = gf()
var a; var a
for (a = 0; a < 16; a++) c[a] = i[a]; for (a = 0; a < 16; a++) c[a] = i[a]
for (a = 250; a >= 0; a--) { for (a = 250; a >= 0; a--) {
S(c, c); S(c, c)
if(a !== 1) M(c, c, i); if (a !== 1) M(c, c, i)
} }
for (a = 0; a < 16; a++) o[a] = c[a]; for (a = 0; a < 16; a++) o[a] = c[a]
} }
function add(p, q) { function add (p, q) {
var a = gf(), b = gf(), c = gf(), var a = gf(), b = gf(), c = gf(),
d = gf(), e = gf(), f = gf(), d = gf(), e = gf(), f = gf(),
g = gf(), h = gf(), t = gf(); g = gf(), h = gf(), t = gf()
Z(a, p[1], p[0]); Z(a, p[1], p[0])
Z(t, q[1], q[0]); Z(t, q[1], q[0])
M(a, a, t); M(a, a, t)
A(b, p[0], p[1]); A(b, p[0], p[1])
A(t, q[0], q[1]); A(t, q[0], q[1])
M(b, b, t); M(b, b, t)
M(c, p[3], q[3]); M(c, p[3], q[3])
M(c, c, D2); M(c, c, D2)
M(d, p[2], q[2]); M(d, p[2], q[2])
A(d, d, d); A(d, d, d)
Z(e, b, a); Z(e, b, a)
Z(f, d, c); Z(f, d, c)
A(g, d, c); A(g, d, c)
A(h, b, a); A(h, b, a)
M(p[0], e, f); M(p[0], e, f)
M(p[1], h, g); M(p[1], h, g)
M(p[2], g, f); M(p[2], g, f)
M(p[3], e, h); M(p[3], e, h)
} }
function cswap(p, q, b) { function cswap (p, q, b) {
var i; var i
for (i = 0; i < 4; i++) { for (i = 0; i < 4; i++) {
sel25519(p[i], q[i], b); sel25519(p[i], q[i], b)
} }
} }
function pack(r, p) { function pack (r, p) {
var tx = gf(), ty = gf(), zi = gf(); var tx = gf(), ty = gf(), zi = gf()
inv25519(zi, p[2]); inv25519(zi, p[2])
M(tx, p[0], zi); M(tx, p[0], zi)
M(ty, p[1], zi); M(ty, p[1], zi)
pack25519(r, ty); pack25519(r, ty)
r[31] ^= par25519(tx) << 7; r[31] ^= par25519(tx) << 7
} }
function scalarmult(p, q, s) { function scalarmult (p, q, s) {
var b, i; var b, i
set25519(p[0], gf0); set25519(p[0], gf0)
set25519(p[1], gf1); set25519(p[1], gf1)
set25519(p[2], gf1); set25519(p[2], gf1)
set25519(p[3], gf0); set25519(p[3], gf0)
for (i = 255; i >= 0; --i) { for (i = 255; i >= 0; --i) {
b = (s[(i/8)|0] >> (i&7)) & 1; b = (s[(i / 8) | 0] >> (i & 7)) & 1
cswap(p, q, b); cswap(p, q, b)
add(q, p); add(q, p)
add(p, p); add(p, p)
cswap(p, q, b); cswap(p, q, b)
} }
} }
function scalarbase(p, s) { function scalarbase (p, s) {
var q = [gf(), gf(), gf(), gf()]; var q = [gf(), gf(), gf(), gf()]
set25519(q[0], X); set25519(q[0], X)
set25519(q[1], Y); set25519(q[1], Y)
set25519(q[2], gf1); set25519(q[2], gf1)
M(q[3], X, Y); M(q[3], X, Y)
scalarmult(p, q, s); scalarmult(p, q, s)
} }
function crypto_sign_keypair(pk, sk, seeded) { function crypto_sign_keypair (pk, sk, seeded) {
check(pk, crypto_sign_PUBLICKEYBYTES) check(pk, crypto_sign_PUBLICKEYBYTES)
check(sk, crypto_sign_SECRETKEYBYTES) check(sk, crypto_sign_SECRETKEYBYTES)
var d = new Uint8Array(64); var d = new Uint8Array(64)
var p = [gf(), gf(), gf(), gf()]; var p = [gf(), gf(), gf(), gf()]
var i; var i
if (!seeded) randombytes(sk, 32); if (!seeded) randombytes(sk, 32)
crypto_hash(d, sk, 32); crypto_hash(d, sk, 32)
d[0] &= 248; d[0] &= 248
d[31] &= 127; d[31] &= 127
d[31] |= 64; d[31] |= 64
scalarbase(p, d); scalarbase(p, d)
pack(pk, p); pack(pk, p)
for (i = 0; i < 32; i++) sk[i+32] = pk[i]; for (i = 0; i < 32; i++) sk[i + 32] = pk[i]
return 0; return 0
} }
function crypto_sign_seed_keypair (pk, sk, seed) { function crypto_sign_seed_keypair (pk, sk, seed) {
@ -135,161 +135,161 @@ function crypto_sign_seed_keypair (pk, sk, seed) {
return crypto_sign_keypair(pk, sk, true) return crypto_sign_keypair(pk, sk, true)
} }
var L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]); var L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10])
function modL(r, x) { function modL (r, x) {
var carry, i, j, k; var carry, i, j, k
for (i = 63; i >= 32; --i) { for (i = 63; i >= 32; --i) {
carry = 0; carry = 0
for (j = i - 32, k = i - 12; j < k; ++j) { for (j = i - 32, k = i - 12; j < k; ++j) {
x[j] += carry - 16 * x[i] * L[j - (i - 32)]; x[j] += carry - 16 * x[i] * L[j - (i - 32)]
carry = (x[j] + 128) >> 8; carry = (x[j] + 128) >> 8
x[j] -= carry * 256; x[j] -= carry * 256
} }
x[j] += carry; x[j] += carry
x[i] = 0; x[i] = 0
} }
carry = 0; carry = 0
for (j = 0; j < 32; j++) { for (j = 0; j < 32; j++) {
x[j] += carry - (x[31] >> 4) * L[j]; x[j] += carry - (x[31] >> 4) * L[j]
carry = x[j] >> 8; carry = x[j] >> 8
x[j] &= 255; x[j] &= 255
} }
for (j = 0; j < 32; j++) x[j] -= carry * L[j]; for (j = 0; j < 32; j++) x[j] -= carry * L[j]
for (i = 0; i < 32; i++) { for (i = 0; i < 32; i++) {
x[i+1] += x[i] >> 8; x[i + 1] += x[i] >> 8
r[i] = x[i] & 255; r[i] = x[i] & 255
} }
} }
function reduce(r) { function reduce (r) {
var x = new Float64Array(64), i; var x = new Float64Array(64)
for (i = 0; i < 64; i++) x[i] = r[i]; for (let i = 0; i < 64; i++) x[i] = r[i]
for (i = 0; i < 64; i++) r[i] = 0; for (let i = 0; i < 64; i++) r[i] = 0
modL(r, x); modL(r, x)
} }
// Note: difference from C - smlen returned, not passed as argument. // Note: difference from C - smlen returned, not passed as argument.
function crypto_sign(sm, m, sk) { function crypto_sign (sm, m, sk) {
check(sm, crypto_sign_BYTES + m.length) check(sm, crypto_sign_BYTES + m.length)
check(m, 0) check(m, 0)
check(sk, crypto_sign_SECRETKEYBYTES) check(sk, crypto_sign_SECRETKEYBYTES)
var n = m.length var n = m.length
var d = new Uint8Array(64), h = new Uint8Array(64), r = new Uint8Array(64); var d = new Uint8Array(64), h = new Uint8Array(64), r = new Uint8Array(64)
var i, j, x = new Float64Array(64); var i, j, x = new Float64Array(64)
var p = [gf(), gf(), gf(), gf()]; var p = [gf(), gf(), gf(), gf()]
crypto_hash(d, sk, 32); crypto_hash(d, sk, 32)
d[0] &= 248; d[0] &= 248
d[31] &= 127; d[31] &= 127
d[31] |= 64; d[31] |= 64
var smlen = n + 64; var smlen = n + 64
for (i = 0; i < n; i++) sm[64 + i] = m[i]; for (i = 0; i < n; i++) sm[64 + i] = m[i]
for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i]; for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i]
crypto_hash(r, sm.subarray(32), n+32); crypto_hash(r, sm.subarray(32), n + 32)
reduce(r); reduce(r)
scalarbase(p, r); scalarbase(p, r)
pack(sm, p); pack(sm, p)
for (i = 32; i < 64; i++) sm[i] = sk[i]; for (i = 32; i < 64; i++) sm[i] = sk[i]
crypto_hash(h, sm, n + 64); crypto_hash(h, sm, n + 64)
reduce(h); reduce(h)
for (i = 0; i < 64; i++) x[i] = 0; for (i = 0; i < 64; i++) x[i] = 0
for (i = 0; i < 32; i++) x[i] = r[i]; for (i = 0; i < 32; i++) x[i] = r[i]
for (i = 0; i < 32; i++) { for (i = 0; i < 32; i++) {
for (j = 0; j < 32; j++) { for (j = 0; j < 32; j++) {
x[i+j] += h[i] * d[j]; x[i + j] += h[i] * d[j]
} }
} }
modL(sm.subarray(32), x); modL(sm.subarray(32), x)
return smlen return smlen
} }
function crypto_sign_detached(sig, m, sk) { function crypto_sign_detached (sig, m, sk) {
var sm = new Uint8Array(m.length + crypto_sign_BYTES) var sm = new Uint8Array(m.length + crypto_sign_BYTES)
crypto_sign(sm, m, sk) crypto_sign(sm, m, sk)
for (var i = 0; i < crypto_sign_BYTES; i++) sig[i] = sm[i] for (let i = 0; i < crypto_sign_BYTES; i++) sig[i] = sm[i]
} }
function unpackneg(r, p) { function unpackneg (r, p) {
var t = gf(), chk = gf(), num = gf(), var t = gf(), chk = gf(), num = gf(),
den = gf(), den2 = gf(), den4 = gf(), den = gf(), den2 = gf(), den4 = gf(),
den6 = gf(); den6 = gf()
set25519(r[2], gf1); set25519(r[2], gf1)
unpack25519(r[1], p); unpack25519(r[1], p)
S(num, r[1]); S(num, r[1])
M(den, num, D); M(den, num, D)
Z(num, num, r[2]); Z(num, num, r[2])
A(den, r[2], den); A(den, r[2], den)
S(den2, den); S(den2, den)
S(den4, den2); S(den4, den2)
M(den6, den4, den2); M(den6, den4, den2)
M(t, den6, num); M(t, den6, num)
M(t, t, den); M(t, t, den)
pow2523(t, t); pow2523(t, t)
M(t, t, num); M(t, t, num)
M(t, t, den); M(t, t, den)
M(t, t, den); M(t, t, den)
M(r[0], t, den); M(r[0], t, den)
S(chk, r[0]); S(chk, r[0])
M(chk, chk, den); M(chk, chk, den)
if (neq25519(chk, num)) M(r[0], r[0], I); if (neq25519(chk, num)) M(r[0], r[0], I)
S(chk, r[0]); S(chk, r[0])
M(chk, chk, den); M(chk, chk, den)
if (neq25519(chk, num)) return -1; if (neq25519(chk, num)) return -1
if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]); if (par25519(r[0]) === (p[31] >> 7)) Z(r[0], gf0, r[0])
M(r[3], r[0], r[1]); M(r[3], r[0], r[1])
return 0; return 0
} }
function crypto_sign_open(msg, sm, pk) { function crypto_sign_open (msg, sm, pk) {
check(msg, sm.length - crypto_sign_BYTES) check(msg, sm.length - crypto_sign_BYTES)
check(sm, crypto_sign_BYTES) check(sm, crypto_sign_BYTES)
check(pk, crypto_sign_PUBLICKEYBYTES) check(pk, crypto_sign_PUBLICKEYBYTES)
var n = sm.length var n = sm.length
var m = new Uint8Array(sm.length) var m = new Uint8Array(sm.length)
var i, mlen; var i, mlen
var t = new Uint8Array(32), h = new Uint8Array(64); var t = new Uint8Array(32), h = new Uint8Array(64)
var p = [gf(), gf(), gf(), gf()], var p = [gf(), gf(), gf(), gf()],
q = [gf(), gf(), gf(), gf()]; q = [gf(), gf(), gf(), gf()]
mlen = -1; mlen = -1
if (n < 64) return false; if (n < 64) return false
if (unpackneg(q, pk)) return false; if (unpackneg(q, pk)) return false
for (i = 0; i < n; i++) m[i] = sm[i]; for (i = 0; i < n; i++) m[i] = sm[i]
for (i = 0; i < 32; i++) m[i+32] = pk[i]; for (i = 0; i < 32; i++) m[i + 32] = pk[i]
crypto_hash(h, m, n); crypto_hash(h, m, n)
reduce(h); reduce(h)
scalarmult(p, q, h); scalarmult(p, q, h)
scalarbase(q, sm.subarray(32)); scalarbase(q, sm.subarray(32))
add(p, q); add(p, q)
pack(t, p); pack(t, p)
n -= 64; n -= 64
if (crypto_verify_32(sm, 0, t, 0)) { if (crypto_verify_32(sm, 0, t, 0)) {
for (i = 0; i < n; i++) m[i] = 0; for (i = 0; i < n; i++) m[i] = 0
return false; throw new Error('crypto_sign_open failed')
} }
for (i = 0; i < n; i++) msg[i] = sm[i + 64]; for (i = 0; i < n; i++) msg[i] = sm[i + 64]
mlen = n; mlen = n
return true; return mlen
} }
function crypto_sign_verify_detached (sig, m, pk) { function crypto_sign_verify_detached (sig, m, pk) {
@ -301,17 +301,17 @@ function crypto_sign_verify_detached (sig, m, pk) {
return crypto_sign_open(m, sm, pk) return crypto_sign_open(m, sm, pk)
} }
function par25519(a) { function par25519 (a) {
var d = new Uint8Array(32); var d = new Uint8Array(32)
pack25519(d, a); pack25519(d, a)
return d[0] & 1; return d[0] & 1
} }
function neq25519(a, b) { function neq25519 (a, b) {
var c = new Uint8Array(32), d = new Uint8Array(32); var c = new Uint8Array(32), d = new Uint8Array(32)
pack25519(c, a); pack25519(c, a)
pack25519(d, b); pack25519(d, b)
return crypto_verify_32(c, 0, d, 0); return crypto_verify_32(c, 0, d, 0)
} }
function check (buf, len) { function check (buf, len) {

View File

@ -1,4 +1,5 @@
var xsalsa20 = require('xsalsa20') /* eslint-disable camelcase */
const xsalsa20 = require('xsalsa20')
if (new Uint16Array([1])[0] !== 1) throw new Error('Big endian architecture is not supported.') if (new Uint16Array([1])[0] !== 1) throw new Error('Big endian architecture is not supported.')
@ -12,7 +13,7 @@ exports.crypto_stream = function (c, nonce, key) {
} }
exports.crypto_stream_xor = function (c, m, nonce, key) { exports.crypto_stream_xor = function (c, m, nonce, key) {
var xor = xsalsa20(nonce, key) const xor = xsalsa20(nonce, key)
xor.update(m, c) xor.update(m, c)
xor.final() xor.final()

View File

@ -1,3 +1,4 @@
/* eslint-disable camelcase */
const assert = require('nanoassert') const assert = require('nanoassert')
module.exports = { module.exports = {
@ -8,16 +9,16 @@ module.exports = {
} }
function vn (x, xi, y, yi, n) { function vn (x, xi, y, yi, n) {
var i, d = 0 var d = 0
for (i = 0; i < n; i++) d |= x[xi + i] ^ y[yi + i] for (let i = 0; i < n; i++) d |= x[xi + i] ^ y[yi + i]
return (1 & ((d - 1) >>> 8)) - 1 return (1 & ((d - 1) >>> 8)) - 1
} }
function crypto_verify_16(x, xi, y, yi) { function crypto_verify_16 (x, xi, y, yi) {
return vn(x, xi, y, yi, 16) return vn(x, xi, y, yi, 16)
} }
function crypto_verify_32(x, xi, y, yi) { function crypto_verify_32 (x, xi, y, yi) {
return vn(x, xi, y, yi, 32) return vn(x, xi, y, yi, 32)
} }

View File

@ -1,19 +1,19 @@
var sodium = require('./') var sodium = require('./')
var key = new Buffer(sodium.crypto_secretbox_KEYBYTES) var key = Buffer.alloc(sodium.crypto_secretbox_KEYBYTES)
var nonce = new Buffer(sodium.crypto_secretbox_NONCEBYTES) var nonce = Buffer.alloc(sodium.crypto_secretbox_NONCEBYTES)
sodium.randombytes_buf(key) sodium.randombytes_buf(key)
sodium.randombytes_buf(nonce) sodium.randombytes_buf(nonce)
var message = new Buffer('Hello, World!') var message = Buffer.from('Hello, World!')
var cipher = new Buffer(message.length + sodium.crypto_secretbox_MACBYTES) var cipher = Buffer.alloc(message.length + sodium.crypto_secretbox_MACBYTES)
sodium.crypto_secretbox_easy(cipher, message, nonce, key) sodium.crypto_secretbox_easy(cipher, message, nonce, key)
console.log('Encrypted:', cipher) console.log('Encrypted:', cipher)
var plainText = new Buffer(cipher.length - sodium.crypto_secretbox_MACBYTES) var plainText = Buffer.alloc(cipher.length - sodium.crypto_secretbox_MACBYTES)
sodium.crypto_secretbox_open_easy(plainText, cipher, nonce, key) sodium.crypto_secretbox_open_easy(plainText, cipher, nonce, key)

View File

@ -15,7 +15,13 @@
"devDependencies": { "devDependencies": {
"browser-run": "^4.0.2", "browser-run": "^4.0.2",
"browserify": "^14.1.0", "browserify": "^14.1.0",
"sodium-test": "^0.9.0" "sodium-test": "^0.9.0",
"standard": "^14.3.4"
},
"standard": {
"ignore": [
"/internal/**/*.js"
]
}, },
"browser": { "browser": {
"crypto": false "crypto": false
@ -26,6 +32,7 @@
"scripts": { "scripts": {
"browser": "browserify test.js | browser-run", "browser": "browserify test.js | browser-run",
"browser-manual": "browserify test.js | browser-run -p 1234", "browser-manual": "browserify test.js | browser-run -p 1234",
"lint": "standard",
"test": "node test.js" "test": "node test.js"
}, },
"repository": { "repository": {

View File

@ -5,7 +5,7 @@ var randombytes = (function () {
var crypto = global.crypto || global.msCrypto var crypto = global.crypto || global.msCrypto
function browserBytes (out, n) { function browserBytes (out, n) {
for (var i = 0; i < n; i += QUOTA) { for (let i = 0; i < n; i += QUOTA) {
crypto.getRandomValues(out.subarray(i, i + Math.min(n - i, QUOTA))) crypto.getRandomValues(out.subarray(i, i + Math.min(n - i, QUOTA)))
} }
} }