Diffstat (limited to 'src/crypto')
-rw-r--r-- | src/crypto/primitives/nacl-fast.ts | 1362 |
1 files changed, 98 insertions, 1264 deletions
diff --git a/src/crypto/primitives/nacl-fast.ts b/src/crypto/primitives/nacl-fast.ts index 1defe1ad0..8d4aaeb63 100644 --- a/src/crypto/primitives/nacl-fast.ts +++ b/src/crypto/primitives/nacl-fast.ts @@ -5,7 +5,7 @@ // Implementation derived from TweetNaCl version 20140427. // See for details: http://tweetnacl.cr.yp.to/ -const gf = function (init: number[] = []) { +const gf = function (init: number[] = []): Float64Array { const r = new Float64Array(16); if (init) for (let i = 0; i < init.length; i++) r[i] = init[i]; return r; @@ -16,7 +16,6 @@ let randombytes = function (x: Uint8Array, n: number): void { throw new Error("no PRNG"); }; -const _0 = new Uint8Array(16); const _9 = new Uint8Array(32); _9[0] = 9; @@ -115,7 +114,7 @@ const I = gf([ 0x2b83, ]); -function ts64(x: Uint8Array, i: number, h: number, l: number) { +function ts64(x: Uint8Array, i: number, h: number, l: number): void { x[i] = (h >> 24) & 0xff; x[i + 1] = (h >> 16) & 0xff; x[i + 2] = (h >> 8) & 0xff; @@ -126,20 +125,17 @@ function ts64(x: Uint8Array, i: number, h: number, l: number) { x[i + 7] = l & 0xff; } -function vn(x: Uint8Array, xi: number, y: Uint8Array, yi: number, n: number) { - let i, - d = 0; - for (i = 0; i < n; i++) d |= x[xi + i] ^ y[yi + i]; - return (1 & ((d - 1) >>> 8)) - 1; -} - -function crypto_verify_16( +function vn( x: Uint8Array, xi: number, y: Uint8Array, yi: number, -) { - return vn(x, xi, y, yi, 16); + n: number, +): number { + let i, + d = 0; + for (i = 0; i < n; i++) d |= x[xi + i] ^ y[yi + i]; + return (1 & ((d - 1) >>> 8)) - 1; } function crypto_verify_32( 
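Review bot: In the rewritten `vn` (the `-125,20` hunk), `x[xi + i]` and `y[yi + i]` are read without checking that `xi + n` and `yi + n` stay inside the arrays. An out-of-range typed-array read yields `undefined`, which `^` coerces to 0, so a short buffer compares equal to one padded with zero bytes instead of failing. The lengths are not secret, so a guard ahead of the loop leaves the comparison itself constant-time: `if (xi + n > x.length || yi + n > y.length) return -1;`. Whether every caller already guarantees 32 bytes is not visible in this diff.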
@@ -147,1014 +143,16 @@ function crypto_verify_32( xi: number, y: Uint8Array, yi: number, -) { +): number { return vn(x, xi, y, yi, 32); } -// prettier-ignore -function core_salsa20(o: Uint8Array, p: Uint8Array, k: Uint8Array, c: Uint8Array) { - const j0 = c[ 0] & 0xff | (c[ 1] & 0xff)<<8 | (c[ 2] & 0xff)<<16 | (c[ 3] & 0xff)<<24, - j1 = k[ 0] & 0xff | (k[ 1] & 0xff)<<8 | (k[ 2] & 0xff)<<16 | (k[ 3] & 0xff)<<24, - j2 = k[ 4] & 0xff | (k[ 5] & 0xff)<<8 | (k[ 6] & 0xff)<<16 | (k[ 7] & 0xff)<<24, - j3 = k[ 8] & 0xff | (k[ 9] & 0xff)<<8 | (k[10] & 0xff)<<16 | (k[11] & 0xff)<<24, - j4 = k[12] & 0xff | (k[13] & 0xff)<<8 | (k[14] & 0xff)<<16 | (k[15] & 0xff)<<24, - j5 = c[ 4] & 0xff | (c[ 5] & 0xff)<<8 | (c[ 6] & 0xff)<<16 | (c[ 7] & 0xff)<<24, - j6 = p[ 0] & 0xff | (p[ 1] & 0xff)<<8 | (p[ 2] & 0xff)<<16 | (p[ 3] & 0xff)<<24, - j7 = p[ 4] & 0xff | (p[ 5] & 0xff)<<8 | (p[ 6] & 0xff)<<16 | (p[ 7] & 0xff)<<24, - j8 = p[ 8] & 0xff | (p[ 9] & 0xff)<<8 | (p[10] & 0xff)<<16 | (p[11] & 0xff)<<24, - j9 = p[12] & 0xff | (p[13] & 0xff)<<8 | (p[14] & 0xff)<<16 | (p[15] & 0xff)<<24, - j10 = c[ 8] & 0xff | (c[ 9] & 0xff)<<8 | (c[10] & 0xff)<<16 | (c[11] & 0xff)<<24, - j11 = k[16] & 0xff | (k[17] & 0xff)<<8 | (k[18] & 0xff)<<16 | (k[19] & 0xff)<<24, - j12 = k[20] & 0xff | (k[21] & 0xff)<<8 | (k[22] & 0xff)<<16 | (k[23] & 0xff)<<24, - j13 = k[24] & 0xff | (k[25] & 0xff)<<8 | (k[26] & 0xff)<<16 | (k[27] & 0xff)<<24, - j14 = k[28] & 0xff | (k[29] & 0xff)<<8 | (k[30] & 0xff)<<16 | (k[31] & 0xff)<<24, - j15 = c[12] & 0xff | (c[13] & 0xff)<<8 | (c[14] & 0xff)<<16 | (c[15] & 0xff)<<24; - - let x0 = j0, x1 = j1, x2 = j2, x3 = j3, x4 = j4, x5 = j5, x6 = j6, x7 = j7, - x8 = j8, x9 = j9, x10 = j10, x11 = j11, x12 = j12, x13 = j13, x14 = j14, - x15 = j15, u; - - for (let i = 0; i < 20; i += 2) { - u = x0 + x12 | 0; - x4 ^= u<<7 | u>>>(32-7); - u = x4 + x0 | 0; - x8 ^= u<<9 | u>>>(32-9); - u = x8 + x4 | 0; - x12 ^= u<<13 | u>>>(32-13); - u = x12 + x8 | 0; - x0 ^= u<<18 | u>>>(32-18); - - u = x5 + x1 
| 0; - x9 ^= u<<7 | u>>>(32-7); - u = x9 + x5 | 0; - x13 ^= u<<9 | u>>>(32-9); - u = x13 + x9 | 0; - x1 ^= u<<13 | u>>>(32-13); - u = x1 + x13 | 0; - x5 ^= u<<18 | u>>>(32-18); - - u = x10 + x6 | 0; - x14 ^= u<<7 | u>>>(32-7); - u = x14 + x10 | 0; - x2 ^= u<<9 | u>>>(32-9); - u = x2 + x14 | 0; - x6 ^= u<<13 | u>>>(32-13); - u = x6 + x2 | 0; - x10 ^= u<<18 | u>>>(32-18); - - u = x15 + x11 | 0; - x3 ^= u<<7 | u>>>(32-7); - u = x3 + x15 | 0; - x7 ^= u<<9 | u>>>(32-9); - u = x7 + x3 | 0; - x11 ^= u<<13 | u>>>(32-13); - u = x11 + x7 | 0; - x15 ^= u<<18 | u>>>(32-18); - - u = x0 + x3 | 0; - x1 ^= u<<7 | u>>>(32-7); - u = x1 + x0 | 0; - x2 ^= u<<9 | u>>>(32-9); - u = x2 + x1 | 0; - x3 ^= u<<13 | u>>>(32-13); - u = x3 + x2 | 0; - x0 ^= u<<18 | u>>>(32-18); - - u = x5 + x4 | 0; - x6 ^= u<<7 | u>>>(32-7); - u = x6 + x5 | 0; - x7 ^= u<<9 | u>>>(32-9); - u = x7 + x6 | 0; - x4 ^= u<<13 | u>>>(32-13); - u = x4 + x7 | 0; - x5 ^= u<<18 | u>>>(32-18); - - u = x10 + x9 | 0; - x11 ^= u<<7 | u>>>(32-7); - u = x11 + x10 | 0; - x8 ^= u<<9 | u>>>(32-9); - u = x8 + x11 | 0; - x9 ^= u<<13 | u>>>(32-13); - u = x9 + x8 | 0; - x10 ^= u<<18 | u>>>(32-18); - - u = x15 + x14 | 0; - x12 ^= u<<7 | u>>>(32-7); - u = x12 + x15 | 0; - x13 ^= u<<9 | u>>>(32-9); - u = x13 + x12 | 0; - x14 ^= u<<13 | u>>>(32-13); - u = x14 + x13 | 0; - x15 ^= u<<18 | u>>>(32-18); - } - x0 = x0 + j0 | 0; - x1 = x1 + j1 | 0; - x2 = x2 + j2 | 0; - x3 = x3 + j3 | 0; - x4 = x4 + j4 | 0; - x5 = x5 + j5 | 0; - x6 = x6 + j6 | 0; - x7 = x7 + j7 | 0; - x8 = x8 + j8 | 0; - x9 = x9 + j9 | 0; - x10 = x10 + j10 | 0; - x11 = x11 + j11 | 0; - x12 = x12 + j12 | 0; - x13 = x13 + j13 | 0; - x14 = x14 + j14 | 0; - x15 = x15 + j15 | 0; - - o[ 0] = x0 >>> 0 & 0xff; - o[ 1] = x0 >>> 8 & 0xff; - o[ 2] = x0 >>> 16 & 0xff; - o[ 3] = x0 >>> 24 & 0xff; - - o[ 4] = x1 >>> 0 & 0xff; - o[ 5] = x1 >>> 8 & 0xff; - o[ 6] = x1 >>> 16 & 0xff; - o[ 7] = x1 >>> 24 & 0xff; - - o[ 8] = x2 >>> 0 & 0xff; - o[ 9] = x2 >>> 8 & 0xff; - o[10] = x2 >>> 16 & 0xff; - 
o[11] = x2 >>> 24 & 0xff; - - o[12] = x3 >>> 0 & 0xff; - o[13] = x3 >>> 8 & 0xff; - o[14] = x3 >>> 16 & 0xff; - o[15] = x3 >>> 24 & 0xff; - - o[16] = x4 >>> 0 & 0xff; - o[17] = x4 >>> 8 & 0xff; - o[18] = x4 >>> 16 & 0xff; - o[19] = x4 >>> 24 & 0xff; - - o[20] = x5 >>> 0 & 0xff; - o[21] = x5 >>> 8 & 0xff; - o[22] = x5 >>> 16 & 0xff; - o[23] = x5 >>> 24 & 0xff; - - o[24] = x6 >>> 0 & 0xff; - o[25] = x6 >>> 8 & 0xff; - o[26] = x6 >>> 16 & 0xff; - o[27] = x6 >>> 24 & 0xff; - - o[28] = x7 >>> 0 & 0xff; - o[29] = x7 >>> 8 & 0xff; - o[30] = x7 >>> 16 & 0xff; - o[31] = x7 >>> 24 & 0xff; - - o[32] = x8 >>> 0 & 0xff; - o[33] = x8 >>> 8 & 0xff; - o[34] = x8 >>> 16 & 0xff; - o[35] = x8 >>> 24 & 0xff; - - o[36] = x9 >>> 0 & 0xff; - o[37] = x9 >>> 8 & 0xff; - o[38] = x9 >>> 16 & 0xff; - o[39] = x9 >>> 24 & 0xff; - - o[40] = x10 >>> 0 & 0xff; - o[41] = x10 >>> 8 & 0xff; - o[42] = x10 >>> 16 & 0xff; - o[43] = x10 >>> 24 & 0xff; - - o[44] = x11 >>> 0 & 0xff; - o[45] = x11 >>> 8 & 0xff; - o[46] = x11 >>> 16 & 0xff; - o[47] = x11 >>> 24 & 0xff; - - o[48] = x12 >>> 0 & 0xff; - o[49] = x12 >>> 8 & 0xff; - o[50] = x12 >>> 16 & 0xff; - o[51] = x12 >>> 24 & 0xff; - - o[52] = x13 >>> 0 & 0xff; - o[53] = x13 >>> 8 & 0xff; - o[54] = x13 >>> 16 & 0xff; - o[55] = x13 >>> 24 & 0xff; - - o[56] = x14 >>> 0 & 0xff; - o[57] = x14 >>> 8 & 0xff; - o[58] = x14 >>> 16 & 0xff; - o[59] = x14 >>> 24 & 0xff; - - o[60] = x15 >>> 0 & 0xff; - o[61] = x15 >>> 8 & 0xff; - o[62] = x15 >>> 16 & 0xff; - o[63] = x15 >>> 24 & 0xff; -} - -function core_hsalsa20( - o: Uint8Array, - p: Uint8Array, - k: Uint8Array, - c: Uint8Array, -) { - const j0 = - (c[0] & 0xff) | - ((c[1] & 0xff) << 8) | - ((c[2] & 0xff) << 16) | - ((c[3] & 0xff) << 24), - j1 = - (k[0] & 0xff) | - ((k[1] & 0xff) << 8) | - ((k[2] & 0xff) << 16) | - ((k[3] & 0xff) << 24), - j2 = - (k[4] & 0xff) | - ((k[5] & 0xff) << 8) | - ((k[6] & 0xff) << 16) | - ((k[7] & 0xff) << 24), - j3 = - (k[8] & 0xff) | - ((k[9] & 0xff) << 8) | - ((k[10] & 0xff) << 16) | - 
((k[11] & 0xff) << 24), - j4 = - (k[12] & 0xff) | - ((k[13] & 0xff) << 8) | - ((k[14] & 0xff) << 16) | - ((k[15] & 0xff) << 24), - j5 = - (c[4] & 0xff) | - ((c[5] & 0xff) << 8) | - ((c[6] & 0xff) << 16) | - ((c[7] & 0xff) << 24), - j6 = - (p[0] & 0xff) | - ((p[1] & 0xff) << 8) | - ((p[2] & 0xff) << 16) | - ((p[3] & 0xff) << 24), - j7 = - (p[4] & 0xff) | - ((p[5] & 0xff) << 8) | - ((p[6] & 0xff) << 16) | - ((p[7] & 0xff) << 24), - j8 = - (p[8] & 0xff) | - ((p[9] & 0xff) << 8) | - ((p[10] & 0xff) << 16) | - ((p[11] & 0xff) << 24), - j9 = - (p[12] & 0xff) | - ((p[13] & 0xff) << 8) | - ((p[14] & 0xff) << 16) | - ((p[15] & 0xff) << 24), - j10 = - (c[8] & 0xff) | - ((c[9] & 0xff) << 8) | - ((c[10] & 0xff) << 16) | - ((c[11] & 0xff) << 24), - j11 = - (k[16] & 0xff) | - ((k[17] & 0xff) << 8) | - ((k[18] & 0xff) << 16) | - ((k[19] & 0xff) << 24), - j12 = - (k[20] & 0xff) | - ((k[21] & 0xff) << 8) | - ((k[22] & 0xff) << 16) | - ((k[23] & 0xff) << 24), - j13 = - (k[24] & 0xff) | - ((k[25] & 0xff) << 8) | - ((k[26] & 0xff) << 16) | - ((k[27] & 0xff) << 24), - j14 = - (k[28] & 0xff) | - ((k[29] & 0xff) << 8) | - ((k[30] & 0xff) << 16) | - ((k[31] & 0xff) << 24), - j15 = - (c[12] & 0xff) | - ((c[13] & 0xff) << 8) | - ((c[14] & 0xff) << 16) | - ((c[15] & 0xff) << 24); - - let x0 = j0, - x1 = j1, - x2 = j2, - x3 = j3, - x4 = j4, - x5 = j5, - x6 = j6, - x7 = j7, - x8 = j8, - x9 = j9, - x10 = j10, - x11 = j11, - x12 = j12, - x13 = j13, - x14 = j14, - x15 = j15, - u; - - for (let i = 0; i < 20; i += 2) { - u = (x0 + x12) | 0; - x4 ^= (u << 7) | (u >>> (32 - 7)); - u = (x4 + x0) | 0; - x8 ^= (u << 9) | (u >>> (32 - 9)); - u = (x8 + x4) | 0; - x12 ^= (u << 13) | (u >>> (32 - 13)); - u = (x12 + x8) | 0; - x0 ^= (u << 18) | (u >>> (32 - 18)); - - u = (x5 + x1) | 0; - x9 ^= (u << 7) | (u >>> (32 - 7)); - u = (x9 + x5) | 0; - x13 ^= (u << 9) | (u >>> (32 - 9)); - u = (x13 + x9) | 0; - x1 ^= (u << 13) | (u >>> (32 - 13)); - u = (x1 + x13) | 0; - x5 ^= (u << 18) | (u >>> (32 - 18)); - - u = 
(x10 + x6) | 0; - x14 ^= (u << 7) | (u >>> (32 - 7)); - u = (x14 + x10) | 0; - x2 ^= (u << 9) | (u >>> (32 - 9)); - u = (x2 + x14) | 0; - x6 ^= (u << 13) | (u >>> (32 - 13)); - u = (x6 + x2) | 0; - x10 ^= (u << 18) | (u >>> (32 - 18)); - - u = (x15 + x11) | 0; - x3 ^= (u << 7) | (u >>> (32 - 7)); - u = (x3 + x15) | 0; - x7 ^= (u << 9) | (u >>> (32 - 9)); - u = (x7 + x3) | 0; - x11 ^= (u << 13) | (u >>> (32 - 13)); - u = (x11 + x7) | 0; - x15 ^= (u << 18) | (u >>> (32 - 18)); - - u = (x0 + x3) | 0; - x1 ^= (u << 7) | (u >>> (32 - 7)); - u = (x1 + x0) | 0; - x2 ^= (u << 9) | (u >>> (32 - 9)); - u = (x2 + x1) | 0; - x3 ^= (u << 13) | (u >>> (32 - 13)); - u = (x3 + x2) | 0; - x0 ^= (u << 18) | (u >>> (32 - 18)); - - u = (x5 + x4) | 0; - x6 ^= (u << 7) | (u >>> (32 - 7)); - u = (x6 + x5) | 0; - x7 ^= (u << 9) | (u >>> (32 - 9)); - u = (x7 + x6) | 0; - x4 ^= (u << 13) | (u >>> (32 - 13)); - u = (x4 + x7) | 0; - x5 ^= (u << 18) | (u >>> (32 - 18)); - - u = (x10 + x9) | 0; - x11 ^= (u << 7) | (u >>> (32 - 7)); - u = (x11 + x10) | 0; - x8 ^= (u << 9) | (u >>> (32 - 9)); - u = (x8 + x11) | 0; - x9 ^= (u << 13) | (u >>> (32 - 13)); - u = (x9 + x8) | 0; - x10 ^= (u << 18) | (u >>> (32 - 18)); - - u = (x15 + x14) | 0; - x12 ^= (u << 7) | (u >>> (32 - 7)); - u = (x12 + x15) | 0; - x13 ^= (u << 9) | (u >>> (32 - 9)); - u = (x13 + x12) | 0; - x14 ^= (u << 13) | (u >>> (32 - 13)); - u = (x14 + x13) | 0; - x15 ^= (u << 18) | (u >>> (32 - 18)); - } - - o[0] = (x0 >>> 0) & 0xff; - o[1] = (x0 >>> 8) & 0xff; - o[2] = (x0 >>> 16) & 0xff; - o[3] = (x0 >>> 24) & 0xff; - - o[4] = (x5 >>> 0) & 0xff; - o[5] = (x5 >>> 8) & 0xff; - o[6] = (x5 >>> 16) & 0xff; - o[7] = (x5 >>> 24) & 0xff; - - o[8] = (x10 >>> 0) & 0xff; - o[9] = (x10 >>> 8) & 0xff; - o[10] = (x10 >>> 16) & 0xff; - o[11] = (x10 >>> 24) & 0xff; - - o[12] = (x15 >>> 0) & 0xff; - o[13] = (x15 >>> 8) & 0xff; - o[14] = (x15 >>> 16) & 0xff; - o[15] = (x15 >>> 24) & 0xff; - - o[16] = (x6 >>> 0) & 0xff; - o[17] = (x6 >>> 8) & 0xff; - o[18] 
= (x6 >>> 16) & 0xff; - o[19] = (x6 >>> 24) & 0xff; - - o[20] = (x7 >>> 0) & 0xff; - o[21] = (x7 >>> 8) & 0xff; - o[22] = (x7 >>> 16) & 0xff; - o[23] = (x7 >>> 24) & 0xff; - - o[24] = (x8 >>> 0) & 0xff; - o[25] = (x8 >>> 8) & 0xff; - o[26] = (x8 >>> 16) & 0xff; - o[27] = (x8 >>> 24) & 0xff; - - o[28] = (x9 >>> 0) & 0xff; - o[29] = (x9 >>> 8) & 0xff; - o[30] = (x9 >>> 16) & 0xff; - o[31] = (x9 >>> 24) & 0xff; -} - -function crypto_core_salsa20( - out: Uint8Array, - inp: Uint8Array, - k: Uint8Array, - c: Uint8Array, -) { - core_salsa20(out, inp, k, c); -} - -function crypto_core_hsalsa20( - out: Uint8Array, - inp: Uint8Array, - k: Uint8Array, - c: Uint8Array, -) { - core_hsalsa20(out, inp, k, c); -} - -const sigma = new Uint8Array([ - 101, - 120, - 112, - 97, - 110, - 100, - 32, - 51, - 50, - 45, - 98, - 121, - 116, - 101, - 32, - 107, -]); -// "expand 32-byte k" - -function crypto_stream_salsa20_xor( - c: Uint8Array, - cpos: number, - m: Uint8Array, - mpos: number, - b: number, - n: Uint8Array, - k: Uint8Array, -) { - const z = new Uint8Array(16), - x = new Uint8Array(64); - let u, i; - for (i = 0; i < 16; i++) z[i] = 0; - for (i = 0; i < 8; i++) z[i] = n[i]; - while (b >= 64) { - crypto_core_salsa20(x, z, k, sigma); - for (i = 0; i < 64; i++) c[cpos + i] = m[mpos + i] ^ x[i]; - u = 1; - for (i = 8; i < 16; i++) { - u = (u + (z[i] & 0xff)) | 0; - z[i] = u & 0xff; - u >>>= 8; - } - b -= 64; - cpos += 64; - mpos += 64; - } - if (b > 0) { - crypto_core_salsa20(x, z, k, sigma); - for (i = 0; i < b; i++) c[cpos + i] = m[mpos + i] ^ x[i]; - } - return 0; -} - -function crypto_stream_salsa20( - c: Uint8Array, - cpos: number, - b: number, - n: Uint8Array, - k: Uint8Array, -) { - const z = new Uint8Array(16), - x = new Uint8Array(64); - let u, i; - for (i = 0; i < 16; i++) z[i] = 0; - for (i = 0; i < 8; i++) z[i] = n[i]; - while (b >= 64) { - crypto_core_salsa20(x, z, k, sigma); - for (i = 0; i < 64; i++) c[cpos + i] = x[i]; - u = 1; - for (i = 8; i < 16; i++) { - u = (u + 
(z[i] & 0xff)) | 0; - z[i] = u & 0xff; - u >>>= 8; - } - b -= 64; - cpos += 64; - } - if (b > 0) { - crypto_core_salsa20(x, z, k, sigma); - for (i = 0; i < b; i++) c[cpos + i] = x[i]; - } - return 0; -} - -function crypto_stream( - c: Uint8Array, - cpos: number, - d: number, - n: Uint8Array, - k: Uint8Array, -) { - const s = new Uint8Array(32); - crypto_core_hsalsa20(s, n, k, sigma); - const sn = new Uint8Array(8); - for (let i = 0; i < 8; i++) sn[i] = n[i + 16]; - return crypto_stream_salsa20(c, cpos, d, sn, s); -} - -function crypto_stream_xor( - c: Uint8Array, - cpos: number, - m: Uint8Array, - mpos: number, - d: number, - n: Uint8Array, - k: Uint8Array, -) { - const s = new Uint8Array(32); - crypto_core_hsalsa20(s, n, k, sigma); - const sn = new Uint8Array(8); - for (let i = 0; i < 8; i++) sn[i] = n[i + 16]; - return crypto_stream_salsa20_xor(c, cpos, m, mpos, d, sn, s); -} - -/* - * Port of Andrew Moon's Poly1305-donna-16. Public domain. - * https://github.com/floodyberry/poly1305-donna - */ - -class poly1305 { - buffer = new Uint8Array(16); - r = new Uint16Array(10); - h = new Uint16Array(10); - pad = new Uint16Array(8); - leftover = 0; - fin = 0; - - constructor(key: Uint8Array) { - let t0, t1, t2, t3, t4, t5, t6, t7; - - t0 = (key[0] & 0xff) | ((key[1] & 0xff) << 8); - this.r[0] = t0 & 0x1fff; - t1 = (key[2] & 0xff) | ((key[3] & 0xff) << 8); - this.r[1] = ((t0 >>> 13) | (t1 << 3)) & 0x1fff; - t2 = (key[4] & 0xff) | ((key[5] & 0xff) << 8); - this.r[2] = ((t1 >>> 10) | (t2 << 6)) & 0x1f03; - t3 = (key[6] & 0xff) | ((key[7] & 0xff) << 8); - this.r[3] = ((t2 >>> 7) | (t3 << 9)) & 0x1fff; - t4 = (key[8] & 0xff) | ((key[9] & 0xff) << 8); - this.r[4] = ((t3 >>> 4) | (t4 << 12)) & 0x00ff; - this.r[5] = (t4 >>> 1) & 0x1ffe; - t5 = (key[10] & 0xff) | ((key[11] & 0xff) << 8); - this.r[6] = ((t4 >>> 14) | (t5 << 2)) & 0x1fff; - t6 = (key[12] & 0xff) | ((key[13] & 0xff) << 8); - this.r[7] = ((t5 >>> 11) | (t6 << 5)) & 0x1f81; - t7 = (key[14] & 0xff) | ((key[15] & 0xff) 
<< 8); - this.r[8] = ((t6 >>> 8) | (t7 << 8)) & 0x1fff; - this.r[9] = (t7 >>> 5) & 0x007f; - - this.pad[0] = (key[16] & 0xff) | ((key[17] & 0xff) << 8); - this.pad[1] = (key[18] & 0xff) | ((key[19] & 0xff) << 8); - this.pad[2] = (key[20] & 0xff) | ((key[21] & 0xff) << 8); - this.pad[3] = (key[22] & 0xff) | ((key[23] & 0xff) << 8); - this.pad[4] = (key[24] & 0xff) | ((key[25] & 0xff) << 8); - this.pad[5] = (key[26] & 0xff) | ((key[27] & 0xff) << 8); - this.pad[6] = (key[28] & 0xff) | ((key[29] & 0xff) << 8); - this.pad[7] = (key[30] & 0xff) | ((key[31] & 0xff) << 8); - } - - blocks(m: Uint8Array, mpos: number, bytes: number) { - const hibit = this.fin ? 0 : 1 << 11; - let t0, t1, t2, t3, t4, t5, t6, t7, c; - let d0, d1, d2, d3, d4, d5, d6, d7, d8, d9; - - let h0 = this.h[0], - h1 = this.h[1], - h2 = this.h[2], - h3 = this.h[3], - h4 = this.h[4], - h5 = this.h[5], - h6 = this.h[6], - h7 = this.h[7], - h8 = this.h[8], - h9 = this.h[9]; - - const r0 = this.r[0], - r1 = this.r[1], - r2 = this.r[2], - r3 = this.r[3], - r4 = this.r[4], - r5 = this.r[5], - r6 = this.r[6], - r7 = this.r[7], - r8 = this.r[8], - r9 = this.r[9]; - - while (bytes >= 16) { - t0 = (m[mpos + 0] & 0xff) | ((m[mpos + 1] & 0xff) << 8); - h0 += t0 & 0x1fff; - t1 = (m[mpos + 2] & 0xff) | ((m[mpos + 3] & 0xff) << 8); - h1 += ((t0 >>> 13) | (t1 << 3)) & 0x1fff; - t2 = (m[mpos + 4] & 0xff) | ((m[mpos + 5] & 0xff) << 8); - h2 += ((t1 >>> 10) | (t2 << 6)) & 0x1fff; - t3 = (m[mpos + 6] & 0xff) | ((m[mpos + 7] & 0xff) << 8); - h3 += ((t2 >>> 7) | (t3 << 9)) & 0x1fff; - t4 = (m[mpos + 8] & 0xff) | ((m[mpos + 9] & 0xff) << 8); - h4 += ((t3 >>> 4) | (t4 << 12)) & 0x1fff; - h5 += (t4 >>> 1) & 0x1fff; - t5 = (m[mpos + 10] & 0xff) | ((m[mpos + 11] & 0xff) << 8); - h6 += ((t4 >>> 14) | (t5 << 2)) & 0x1fff; - t6 = (m[mpos + 12] & 0xff) | ((m[mpos + 13] & 0xff) << 8); - h7 += ((t5 >>> 11) | (t6 << 5)) & 0x1fff; - t7 = (m[mpos + 14] & 0xff) | ((m[mpos + 15] & 0xff) << 8); - h8 += ((t6 >>> 8) | (t7 << 8)) & 0x1fff; - h9 
+= (t7 >>> 5) | hibit; - - c = 0; - - d0 = c; - d0 += h0 * r0; - d0 += h1 * (5 * r9); - d0 += h2 * (5 * r8); - d0 += h3 * (5 * r7); - d0 += h4 * (5 * r6); - c = d0 >>> 13; - d0 &= 0x1fff; - d0 += h5 * (5 * r5); - d0 += h6 * (5 * r4); - d0 += h7 * (5 * r3); - d0 += h8 * (5 * r2); - d0 += h9 * (5 * r1); - c += d0 >>> 13; - d0 &= 0x1fff; - - d1 = c; - d1 += h0 * r1; - d1 += h1 * r0; - d1 += h2 * (5 * r9); - d1 += h3 * (5 * r8); - d1 += h4 * (5 * r7); - c = d1 >>> 13; - d1 &= 0x1fff; - d1 += h5 * (5 * r6); - d1 += h6 * (5 * r5); - d1 += h7 * (5 * r4); - d1 += h8 * (5 * r3); - d1 += h9 * (5 * r2); - c += d1 >>> 13; - d1 &= 0x1fff; - - d2 = c; - d2 += h0 * r2; - d2 += h1 * r1; - d2 += h2 * r0; - d2 += h3 * (5 * r9); - d2 += h4 * (5 * r8); - c = d2 >>> 13; - d2 &= 0x1fff; - d2 += h5 * (5 * r7); - d2 += h6 * (5 * r6); - d2 += h7 * (5 * r5); - d2 += h8 * (5 * r4); - d2 += h9 * (5 * r3); - c += d2 >>> 13; - d2 &= 0x1fff; - - d3 = c; - d3 += h0 * r3; - d3 += h1 * r2; - d3 += h2 * r1; - d3 += h3 * r0; - d3 += h4 * (5 * r9); - c = d3 >>> 13; - d3 &= 0x1fff; - d3 += h5 * (5 * r8); - d3 += h6 * (5 * r7); - d3 += h7 * (5 * r6); - d3 += h8 * (5 * r5); - d3 += h9 * (5 * r4); - c += d3 >>> 13; - d3 &= 0x1fff; - - d4 = c; - d4 += h0 * r4; - d4 += h1 * r3; - d4 += h2 * r2; - d4 += h3 * r1; - d4 += h4 * r0; - c = d4 >>> 13; - d4 &= 0x1fff; - d4 += h5 * (5 * r9); - d4 += h6 * (5 * r8); - d4 += h7 * (5 * r7); - d4 += h8 * (5 * r6); - d4 += h9 * (5 * r5); - c += d4 >>> 13; - d4 &= 0x1fff; - - d5 = c; - d5 += h0 * r5; - d5 += h1 * r4; - d5 += h2 * r3; - d5 += h3 * r2; - d5 += h4 * r1; - c = d5 >>> 13; - d5 &= 0x1fff; - d5 += h5 * r0; - d5 += h6 * (5 * r9); - d5 += h7 * (5 * r8); - d5 += h8 * (5 * r7); - d5 += h9 * (5 * r6); - c += d5 >>> 13; - d5 &= 0x1fff; - - d6 = c; - d6 += h0 * r6; - d6 += h1 * r5; - d6 += h2 * r4; - d6 += h3 * r3; - d6 += h4 * r2; - c = d6 >>> 13; - d6 &= 0x1fff; - d6 += h5 * r1; - d6 += h6 * r0; - d6 += h7 * (5 * r9); - d6 += h8 * (5 * r8); - d6 += h9 * (5 * r7); - c 
+= d6 >>> 13; - d6 &= 0x1fff; - - d7 = c; - d7 += h0 * r7; - d7 += h1 * r6; - d7 += h2 * r5; - d7 += h3 * r4; - d7 += h4 * r3; - c = d7 >>> 13; - d7 &= 0x1fff; - d7 += h5 * r2; - d7 += h6 * r1; - d7 += h7 * r0; - d7 += h8 * (5 * r9); - d7 += h9 * (5 * r8); - c += d7 >>> 13; - d7 &= 0x1fff; - - d8 = c; - d8 += h0 * r8; - d8 += h1 * r7; - d8 += h2 * r6; - d8 += h3 * r5; - d8 += h4 * r4; - c = d8 >>> 13; - d8 &= 0x1fff; - d8 += h5 * r3; - d8 += h6 * r2; - d8 += h7 * r1; - d8 += h8 * r0; - d8 += h9 * (5 * r9); - c += d8 >>> 13; - d8 &= 0x1fff; - - d9 = c; - d9 += h0 * r9; - d9 += h1 * r8; - d9 += h2 * r7; - d9 += h3 * r6; - d9 += h4 * r5; - c = d9 >>> 13; - d9 &= 0x1fff; - d9 += h5 * r4; - d9 += h6 * r3; - d9 += h7 * r2; - d9 += h8 * r1; - d9 += h9 * r0; - c += d9 >>> 13; - d9 &= 0x1fff; - - c = ((c << 2) + c) | 0; - c = (c + d0) | 0; - d0 = c & 0x1fff; - c = c >>> 13; - d1 += c; - - h0 = d0; - h1 = d1; - h2 = d2; - h3 = d3; - h4 = d4; - h5 = d5; - h6 = d6; - h7 = d7; - h8 = d8; - h9 = d9; - - mpos += 16; - bytes -= 16; - } - this.h[0] = h0; - this.h[1] = h1; - this.h[2] = h2; - this.h[3] = h3; - this.h[4] = h4; - this.h[5] = h5; - this.h[6] = h6; - this.h[7] = h7; - this.h[8] = h8; - this.h[9] = h9; - } - - finish(mac: Uint8Array, macpos: number) { - const g = new Uint16Array(10); - let c, mask, f, i; - - if (this.leftover) { - i = this.leftover; - this.buffer[i++] = 1; - for (; i < 16; i++) this.buffer[i] = 0; - this.fin = 1; - this.blocks(this.buffer, 0, 16); - } - - c = this.h[1] >>> 13; - this.h[1] &= 0x1fff; - for (i = 2; i < 10; i++) { - this.h[i] += c; - c = this.h[i] >>> 13; - this.h[i] &= 0x1fff; - } - this.h[0] += c * 5; - c = this.h[0] >>> 13; - this.h[0] &= 0x1fff; - this.h[1] += c; - c = this.h[1] >>> 13; - this.h[1] &= 0x1fff; - this.h[2] += c; - - g[0] = this.h[0] + 5; - c = g[0] >>> 13; - g[0] &= 0x1fff; - for (i = 1; i < 10; i++) { - g[i] = this.h[i] + c; - c = g[i] >>> 13; - g[i] &= 0x1fff; - } - g[9] -= 1 << 13; - - mask = (c ^ 1) - 1; - for (i = 0; 
i < 10; i++) g[i] &= mask; - mask = ~mask; - for (i = 0; i < 10; i++) this.h[i] = (this.h[i] & mask) | g[i]; - - this.h[0] = (this.h[0] | (this.h[1] << 13)) & 0xffff; - this.h[1] = ((this.h[1] >>> 3) | (this.h[2] << 10)) & 0xffff; - this.h[2] = ((this.h[2] >>> 6) | (this.h[3] << 7)) & 0xffff; - this.h[3] = ((this.h[3] >>> 9) | (this.h[4] << 4)) & 0xffff; - this.h[4] = - ((this.h[4] >>> 12) | (this.h[5] << 1) | (this.h[6] << 14)) & 0xffff; - this.h[5] = ((this.h[6] >>> 2) | (this.h[7] << 11)) & 0xffff; - this.h[6] = ((this.h[7] >>> 5) | (this.h[8] << 8)) & 0xffff; - this.h[7] = ((this.h[8] >>> 8) | (this.h[9] << 5)) & 0xffff; - - f = this.h[0] + this.pad[0]; - this.h[0] = f & 0xffff; - for (i = 1; i < 8; i++) { - f = (((this.h[i] + this.pad[i]) | 0) + (f >>> 16)) | 0; - this.h[i] = f & 0xffff; - } - - mac[macpos + 0] = (this.h[0] >>> 0) & 0xff; - mac[macpos + 1] = (this.h[0] >>> 8) & 0xff; - mac[macpos + 2] = (this.h[1] >>> 0) & 0xff; - mac[macpos + 3] = (this.h[1] >>> 8) & 0xff; - mac[macpos + 4] = (this.h[2] >>> 0) & 0xff; - mac[macpos + 5] = (this.h[2] >>> 8) & 0xff; - mac[macpos + 6] = (this.h[3] >>> 0) & 0xff; - mac[macpos + 7] = (this.h[3] >>> 8) & 0xff; - mac[macpos + 8] = (this.h[4] >>> 0) & 0xff; - mac[macpos + 9] = (this.h[4] >>> 8) & 0xff; - mac[macpos + 10] = (this.h[5] >>> 0) & 0xff; - mac[macpos + 11] = (this.h[5] >>> 8) & 0xff; - mac[macpos + 12] = (this.h[6] >>> 0) & 0xff; - mac[macpos + 13] = (this.h[6] >>> 8) & 0xff; - mac[macpos + 14] = (this.h[7] >>> 0) & 0xff; - mac[macpos + 15] = (this.h[7] >>> 8) & 0xff; - } - - update(m: Uint8Array, mpos: number, bytes: number) { - let i, want; - - if (this.leftover) { - want = 16 - this.leftover; - if (want > bytes) want = bytes; - for (i = 0; i < want; i++) this.buffer[this.leftover + i] = m[mpos + i]; - bytes -= want; - mpos += want; - this.leftover += want; - if (this.leftover < 16) return; - this.blocks(this.buffer, 0, 16); - this.leftover = 0; - } - - if (bytes >= 16) { - want = bytes - (bytes % 16); - 
this.blocks(m, mpos, want); - mpos += want; - bytes -= want; - } - - if (bytes) { - for (i = 0; i < bytes; i++) this.buffer[this.leftover + i] = m[mpos + i]; - this.leftover += bytes; - } - } -} - -function crypto_onetimeauth( - out: Uint8Array, - outpos: number, - m: Uint8Array, - mpos: number, - n: number, - k: Uint8Array, -) { - const s = new poly1305(k); - s.update(m, mpos, n); - s.finish(out, outpos); - return 0; -} - -function crypto_onetimeauth_verify( - h: Uint8Array, - hpos: number, - m: Uint8Array, - mpos: number, - n: number, - k: Uint8Array, -) { - const x = new Uint8Array(16); - crypto_onetimeauth(x, 0, m, mpos, n, k); - return crypto_verify_16(h, hpos, x, 0); -} - -function crypto_secretbox( - c: Uint8Array, - m: Uint8Array, - d: number, - n: Uint8Array, - k: Uint8Array, -) { - let i; - if (d < 32) return -1; - crypto_stream_xor(c, 0, m, 0, d, n, k); - crypto_onetimeauth(c, 16, c, 32, d - 32, c); - for (i = 0; i < 16; i++) c[i] = 0; - return 0; -} - -function crypto_secretbox_open( - m: Uint8Array, - c: Uint8Array, - d: number, - n: Uint8Array, - k: Uint8Array, -) { - let i; - const x = new Uint8Array(32); - if (d < 32) return -1; - crypto_stream(x, 0, 32, n, k); - if (crypto_onetimeauth_verify(c, 16, c, 32, d - 32, x) !== 0) return -1; - crypto_stream_xor(m, 0, c, 0, d, n, k); - for (i = 0; i < 32; i++) m[i] = 0; - return 0; -} - -function set25519(r: Float64Array, a: Float64Array) { +function set25519(r: Float64Array, a: Float64Array): void { let i; for (i = 0; i < 16; i++) r[i] = a[i] | 0; } -function car25519(o: Float64Array) { +function car25519(o: Float64Array): void { let i, v, c = 1; @@ -1166,9 +164,9 @@ function car25519(o: Float64Array) { o[0] += c - 1 + 37 * (c - 1); } -function sel25519(p: Float64Array, q: Float64Array, b: number) { - let t, - c = ~(b - 1); +function sel25519(p: Float64Array, q: Float64Array, b: number): void { + let t; + const c = ~(b - 1); for (let i = 0; i < 16; i++) { t = c & (p[i] ^ q[i]); p[i] ^= t; 
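Review bot: `sel25519` (the `-1166,9` hunk) depends on `b` being exactly 0 or 1, and nothing in the signature or the body states that. `~(b - 1)` is all-ones for 1 and zero for 0; any other value gives a partial mask that exchanges only some bits of `p` and `q` rather than swapping them or leaving them alone. I would put a comment above the new `const c = ~(b - 1);`, for example `// b must be 0 or 1: c is all-ones (swap) or 0 (no swap), with no branch on b`. `cswap` in the `-2482,14` hunk forwards `b` unchanged and needs the same precondition; the rest of the loop body lies outside this hunk.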
@@ -1176,7 +174,7 @@ function sel25519(p: Float64Array, q: Float64Array, b: number) { } } -function pack25519(o: Uint8Array, n: Float64Array) { +function pack25519(o: Uint8Array, n: Float64Array): void { let i, j, b; const m = gf(), t = gf(); @@ -1201,7 +199,7 @@ function pack25519(o: Uint8Array, n: Float64Array) { } } -function neq25519(a: Float64Array, b: Float64Array) { +function neq25519(a: Float64Array, b: Float64Array): number { const c = new Uint8Array(32), d = new Uint8Array(32); pack25519(c, a); @@ -1209,27 +207,27 @@ function neq25519(a: Float64Array, b: Float64Array) { return crypto_verify_32(c, 0, d, 0); } -function par25519(a: Float64Array) { +function par25519(a: Float64Array): number { const d = new Uint8Array(32); pack25519(d, a); return d[0] & 1; } -function unpack25519(o: Float64Array, n: Uint8Array) { +function unpack25519(o: Float64Array, n: Uint8Array): void { let i; for (i = 0; i < 16; i++) o[i] = n[2 * i] + (n[2 * i + 1] << 8); o[15] &= 0x7fff; } -function A(o: Float64Array, a: Float64Array, b: Float64Array) { +function A(o: Float64Array, a: Float64Array, b: Float64Array): void { for (let i = 0; i < 16; i++) o[i] = a[i] + b[i]; } -function Z(o: Float64Array, a: Float64Array, b: Float64Array) { +function Z(o: Float64Array, a: Float64Array, b: Float64Array): void { for (let i = 0; i < 16; i++) o[i] = a[i] - b[i]; } -function M(o: Float64Array, a: Float64Array, b: Float64Array) { +function M(o: Float64Array, a: Float64Array, b: Float64Array): void { let v, c, t0 = 0, @@ -1262,8 +260,8 @@ function M(o: Float64Array, a: Float64Array, b: Float64Array) { t27 = 0, t28 = 0, t29 = 0, - t30 = 0, - b0 = b[0], + t30 = 0; + const b0 = b[0], b1 = b[1], b2 = b[2], b3 = b[3], 
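Review bot: `unpack25519` in the `-1209,27` hunk indexes `n[2 * i]` and `n[2 * i + 1]` for i up to 15 with no check that `n` holds 32 bytes. With a shorter array the missing bytes read as `undefined`, and `undefined + (undefined << 8)` is NaN, so the affected limbs become NaN (or keep only the low byte) and flow into the field arithmetic instead of the call failing. If length validation is meant to happen in the callers, which this diff does not show, a comment such as `// n must be at least 32 bytes; length is validated by the caller` states the contract; otherwise a guard here is the safer place for it.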
@@ -1692,11 +690,11 @@ function M(o: Float64Array, a: Float64Array, b: Float64Array) { o[15] = t15; } -function S(o: Float64Array, a: Float64Array) { +function S(o: Float64Array, a: Float64Array): void { M(o, a, a); } -function inv25519(o: Float64Array, i: Float64Array) { +function inv25519(o: Float64Array, i: Float64Array): void { const c = gf(); let a; for (a = 0; a < 16; a++) c[a] = i[a]; @@ -1707,7 +705,7 @@ function inv25519(o: Float64Array, i: Float64Array) { for (a = 0; a < 16; a++) o[a] = c[a]; } -function pow2523(o: Float64Array, i: Float64Array) { +function pow2523(o: Float64Array, i: Float64Array): void { const c = gf(); let a; for (a = 0; a < 16; a++) c[a] = i[a]; @@ -1718,11 +716,15 @@ function pow2523(o: Float64Array, i: Float64Array) { for (a = 0; a < 16; a++) o[a] = c[a]; } -function crypto_scalarmult(q: Uint8Array, n: Uint8Array, p: Uint8Array) { +function crypto_scalarmult( + q: Uint8Array, + n: Uint8Array, + p: Uint8Array, +): number { const z = new Uint8Array(32); - let x = new Float64Array(80), - r, - i; + const x = new Float64Array(80); + let r; + let i; const a = gf(), b = gf(), c = gf(), 
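Review bot: In `crypto_scalarmult` (the `-1718,11` hunk) the scratch buffers `z` and `x` are now `const`, but nothing visible clears them, and `z` presumably receives the copy of the secret scalar `n`, as in TweetNaCl. If that holds, calling `z.fill(0)` and `x.fill(0)` before the function returns limits how long key-derived material stays in memory; this is best effort in JavaScript, since the engine may keep other copies. The body and the return lie outside this hunk, so the placement needs checking against the full function.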
@@ -1777,50 +779,10 @@ function crypto_scalarmult(q: Uint8Array, n: Uint8Array, p: Uint8Array) { return 0; } -function crypto_scalarmult_base(q: Uint8Array, n: Uint8Array) { +function crypto_scalarmult_base(q: Uint8Array, n: Uint8Array): number { return crypto_scalarmult(q, n, _9); } -function crypto_box_keypair(y: Uint8Array, x: Uint8Array) { - randombytes(x, 32); - return crypto_scalarmult_base(y, x); -} - -function crypto_box_beforenm(k: Uint8Array, y: Uint8Array, x: Uint8Array) { - const s = new Uint8Array(32); - crypto_scalarmult(s, x, y); - return crypto_core_hsalsa20(k, _0, s, sigma); -} - -const crypto_box_afternm = crypto_secretbox; -const crypto_box_open_afternm = crypto_secretbox_open; - -function crypto_box( - c: Uint8Array, - m: Uint8Array, - d: number, - n: Uint8Array, - y: Uint8Array, - x: Uint8Array, -) { - const k = new Uint8Array(32); - crypto_box_beforenm(k, y, x); - return crypto_box_afternm(c, m, d, n, k); -} - -function crypto_box_open( - m: Uint8Array, - c: Uint8Array, - d: number, - n: Uint8Array, - y: Uint8Array, - x: Uint8Array, -) { - const k = new Uint8Array(32); - crypto_box_beforenm(k, y, x); - return crypto_box_open_afternm(m, c, d, n, k); -} - // prettier-ignore const K = [ 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd, @@ -1870,10 +832,10 @@ function crypto_hashblocks_hl( hl: Int32Array, m: Uint8Array, n: number, -) { - let wh = new Int32Array(16), - wl = new Int32Array(16), - bh0, +): number { + const wh = new Int32Array(16), + wl = new Int32Array(16); + let bh0, bh1, bh2, bh3, @@ -2338,7 +1300,7 @@ function crypto_hashblocks_hl( return n; } -function crypto_hash(out: Uint8Array, m: Uint8Array, n: number) { +function crypto_hash(out: Uint8Array, m: Uint8Array, n: number): number { const hh = new Int32Array(8); const hl = new Int32Array(8); const x = new Uint8Array(256); 
@@ -2450,7 +1412,7 @@ export class HashState { } } -function add(p: Float64Array[], q: Float64Array[]) { +function add(p: Float64Array[], q: Float64Array[]): void { const a = gf(), b = gf(), c = gf(), @@ -2482,14 +1444,14 @@ function add(p: Float64Array[], q: Float64Array[]) { M(p[3], e, h); } -function cswap(p: Float64Array[], q: Float64Array[], b: number) { +function cswap(p: Float64Array[], q: Float64Array[], b: number): void { let i; for (i = 0; i < 4; i++) { sel25519(p[i], q[i], b); } } -function pack(r: Uint8Array, p: Float64Array[]) { +function pack(r: Uint8Array, p: Float64Array[]): void { const tx = gf(), ty = gf(), zi = gf(); @@ -2500,7 +1462,7 @@ function pack(r: Uint8Array, p: Float64Array[]) { r[31] ^= par25519(tx) << 7; } -function scalarmult(p: Float64Array[], q: Float64Array[], s: Uint8Array) { +function scalarmult(p: Float64Array[], q: Float64Array[], s: Uint8Array): void { let b, i; set25519(p[0], gf0); set25519(p[1], gf1); @@ -2515,7 +1477,7 @@ function scalarmult(p: Float64Array[], q: Float64Array[], s: Uint8Array) { } } -function scalarbase(p: Float64Array[], s: Uint8Array) { +function scalarbase(p: Float64Array[], s: Uint8Array): void { const q = [gf(), gf(), gf(), gf()]; set25519(q[0], X); set25519(q[1], Y); @@ -2580,7 +1542,7 @@ const L = new Float64Array([ 0x10, ]); -function modL(r: Uint8Array, x: Float64Array) { +function modL(r: Uint8Array, x: Float64Array): void { let carry, i, j, k; for (i = 63; i >= 32; --i) { carry = 0; @@ -2605,7 +1567,7 @@ function modL(r: Uint8Array, x: Float64Array) { } } -function reduce(r: Uint8Array) { +function reduce(r: Uint8Array): void { const x = new Float64Array(64); for (let i = 0; i < 64; i++) x[i] = r[i]; for (let i = 0; i < 64; i++) r[i] = 0; 
@@ -2613,13 +1575,17 @@ function reduce(r: Uint8Array) { } // Note: difference from C - smlen returned, not passed as argument. -function crypto_sign(sm: Uint8Array, m: Uint8Array, n: number, sk: Uint8Array) { +function crypto_sign( + sm: Uint8Array, + m: Uint8Array, + n: number, + sk: Uint8Array, +): number { const d = new Uint8Array(64), h = new Uint8Array(64), r = new Uint8Array(64); - let i, - j, - x = new Float64Array(64); + let i, j; + const x = new Float64Array(64); const p = [gf(), gf(), gf(), gf()]; crypto_hash(d, sk, 32); @@ -2652,7 +1618,7 @@ function crypto_sign(sm: Uint8Array, m: Uint8Array, n: number, sk: Uint8Array) { return smlen; } -function unpackneg(r: Float64Array[], p: Uint8Array) { +function unpackneg(r: Float64Array[], p: Uint8Array): number { const t = gf(); const chk = gf(); const num = gf(); @@ -2699,7 +1665,7 @@ function crypto_sign_open( sm: Uint8Array, n: number, pk: Uint8Array, -) { +): number { let i, mlen; const t = new Uint8Array(32), h = new Uint8Array(64); 
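Review bot: In `crypto_sign`, `d` is filled from the secret key by `crypto_hash(d, sk, 32)`, and nothing in the visible part of the function zeroes it afterwards, although the file has a `cleanup` helper that the PRNG setup already uses on its temporary buffer. The body continues outside this hunk, so this may already be handled there; if it is not, add `cleanup(d);` before `return smlen;`. The other scratch buffers (`h`, `r`, `x`) may need the same treatment depending on what the unseen lines store in them, and `x` is a `Float64Array`, which `cleanup` as typed does not accept. Zeroing in JavaScript is best-effort, but it keeps the secret-derived bytes from outliving the call in a reachable buffer.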
@@ -2732,131 +1698,34 @@ function crypto_sign_open( return mlen; } -const crypto_secretbox_KEYBYTES = 32, - crypto_secretbox_NONCEBYTES = 24, - crypto_secretbox_ZEROBYTES = 32, - crypto_secretbox_BOXZEROBYTES = 16, - crypto_scalarmult_BYTES = 32, +const crypto_scalarmult_BYTES = 32, crypto_scalarmult_SCALARBYTES = 32, - crypto_box_PUBLICKEYBYTES = 32, - crypto_box_SECRETKEYBYTES = 32, - crypto_box_BEFORENMBYTES = 32, - crypto_box_NONCEBYTES = crypto_secretbox_NONCEBYTES, - crypto_box_ZEROBYTES = crypto_secretbox_ZEROBYTES, - crypto_box_BOXZEROBYTES = crypto_secretbox_BOXZEROBYTES, crypto_sign_BYTES = 64, crypto_sign_PUBLICKEYBYTES = 32, crypto_sign_SECRETKEYBYTES = 64, crypto_sign_SEEDBYTES = 32, crypto_hash_BYTES = 64; -const lowlevel = { - crypto_core_hsalsa20: crypto_core_hsalsa20, - crypto_stream_xor: crypto_stream_xor, - crypto_stream: crypto_stream, - crypto_stream_salsa20_xor: crypto_stream_salsa20_xor, - crypto_stream_salsa20: crypto_stream_salsa20, - crypto_onetimeauth: crypto_onetimeauth, - crypto_onetimeauth_verify: crypto_onetimeauth_verify, - crypto_verify_16: crypto_verify_16, - crypto_verify_32: crypto_verify_32, - crypto_secretbox: crypto_secretbox, - crypto_secretbox_open: crypto_secretbox_open, - crypto_scalarmult: crypto_scalarmult, - crypto_scalarmult_base: crypto_scalarmult_base, - crypto_box_beforenm: crypto_box_beforenm, - crypto_box_afternm: crypto_box_afternm, - crypto_box: crypto_box, - crypto_box_open: crypto_box_open, - crypto_box_keypair: crypto_box_keypair, - crypto_hash: crypto_hash, - crypto_sign: crypto_sign, - crypto_sign_keypair: crypto_sign_keypair, - crypto_sign_open: crypto_sign_open, - - crypto_secretbox_KEYBYTES: crypto_secretbox_KEYBYTES, - crypto_secretbox_NONCEBYTES: crypto_secretbox_NONCEBYTES, - crypto_secretbox_ZEROBYTES: crypto_secretbox_ZEROBYTES, - crypto_secretbox_BOXZEROBYTES: crypto_secretbox_BOXZEROBYTES, - crypto_scalarmult_BYTES: crypto_scalarmult_BYTES, - crypto_scalarmult_SCALARBYTES: 
crypto_scalarmult_SCALARBYTES, - crypto_box_PUBLICKEYBYTES: crypto_box_PUBLICKEYBYTES, - crypto_box_SECRETKEYBYTES: crypto_box_SECRETKEYBYTES, - crypto_box_BEFORENMBYTES: crypto_box_BEFORENMBYTES, - crypto_box_NONCEBYTES: crypto_box_NONCEBYTES, - crypto_box_ZEROBYTES: crypto_box_ZEROBYTES, - crypto_box_BOXZEROBYTES: crypto_box_BOXZEROBYTES, - crypto_sign_BYTES: crypto_sign_BYTES, - crypto_sign_PUBLICKEYBYTES: crypto_sign_PUBLICKEYBYTES, - crypto_sign_SECRETKEYBYTES: crypto_sign_SECRETKEYBYTES, - crypto_sign_SEEDBYTES: crypto_sign_SEEDBYTES, - crypto_hash_BYTES: crypto_hash_BYTES, -}; - /* High-level API */ -function checkLengths(k: Uint8Array, n: Uint8Array) { - if (k.length !== crypto_secretbox_KEYBYTES) throw new Error("bad key size"); - if (n.length !== crypto_secretbox_NONCEBYTES) - throw new Error("bad nonce size"); -} - -function checkBoxLengths(pk: Uint8Array, sk: Uint8Array) { - if (pk.length !== crypto_box_PUBLICKEYBYTES) - throw new Error("bad public key size"); - if (sk.length !== crypto_box_SECRETKEYBYTES) - throw new Error("bad secret key size"); -} - -function checkArrayTypes(...args: Uint8Array[]) { +function checkArrayTypes(...args: Uint8Array[]): void { for (let i = 0; i < args.length; i++) { if (!(args[i] instanceof Uint8Array)) throw new TypeError("unexpected type, use Uint8Array"); } } -function cleanup(arr: Uint8Array) { +function cleanup(arr: Uint8Array): void { for (let i = 0; i < arr.length; i++) arr[i] = 0; } -export function randomBytes(n: number) { +export function randomBytes(n: number): Uint8Array { const b = new Uint8Array(n); randombytes(b, n); return b; } -export function secretbox(msg: Uint8Array, nonce: Uint8Array, key: Uint8Array) { - checkArrayTypes(msg, nonce, key); - checkLengths(key, nonce); - const m = new Uint8Array(crypto_secretbox_ZEROBYTES + msg.length); - const c = new Uint8Array(m.length); - for (let i = 0; i < msg.length; i++) - m[i + crypto_secretbox_ZEROBYTES] = msg[i]; - crypto_secretbox(c, m, m.length, nonce, key); 
- return c.subarray(crypto_secretbox_BOXZEROBYTES); -} - -export function secretbox_open( - box: Uint8Array, - nonce: Uint8Array, - key: Uint8Array, -) { - checkArrayTypes(box, nonce, key); - checkLengths(key, nonce); - const c = new Uint8Array(crypto_secretbox_BOXZEROBYTES + box.length); - const m = new Uint8Array(c.length); - for (let i = 0; i < box.length; i++) - c[i + crypto_secretbox_BOXZEROBYTES] = box[i]; - if (c.length < 32) return null; - if (crypto_secretbox_open(m, c, c.length, nonce, key) !== 0) return null; - return m.subarray(crypto_secretbox_ZEROBYTES); -} - -export const secretbox_keyLength = crypto_secretbox_KEYBYTES; -export const secretbox_nonceLength = crypto_secretbox_NONCEBYTES; -export const secretbox_overheadLength = crypto_secretbox_BOXZEROBYTES; - -export function scalarMult(n: Uint8Array, p: Uint8Array) { +export function scalarMult(n: Uint8Array, p: Uint8Array): Uint8Array { checkArrayTypes(n, p); if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error("bad n size"); if (p.length !== crypto_scalarmult_BYTES) throw new Error("bad p size"); @@ -2865,7 +1734,7 @@ export function scalarMult(n: Uint8Array, p: Uint8Array) { return q; } -export function scalarMult_base(n: Uint8Array) { +export function scalarMult_base(n: Uint8Array): Uint8Array { checkArrayTypes(n); if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error("bad n size"); const q = new Uint8Array(crypto_scalarmult_BYTES); 
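Review bot: `scalarMult` becomes the only exported Diffie-Hellman entry point once this commit removes `box_before`, and it has no doc comment saying that it returns the raw, unhashed X25519 output. The removed `crypto_box_beforenm` path passed the shared point through `crypto_core_hsalsa20` before it was used as a key, so callers that switch to `scalarMult` lose that step unless they add their own. I would put `/** Raw X25519. The result is not a key: reject an all-zero output and run it through a KDF before use. */` above the function. Whether existing callers already do this cannot be seen from this file, and the rest of the body lies in the next hunk.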
@@ -2876,61 +1745,7 @@ export function scalarMult_base(n: Uint8Array) { export const scalarMult_scalarLength = crypto_scalarmult_SCALARBYTES; export const scalarMult_groupElementLength = crypto_scalarmult_BYTES; -export function box( - msg: Uint8Array, - nonce: Uint8Array, - publicKey: Uint8Array, - secretKey: Uint8Array, -) { - const k = box_before(publicKey, secretKey); - return secretbox(msg, nonce, k); -} - -export function box_before(publicKey: Uint8Array, secretKey: Uint8Array) { - checkArrayTypes(publicKey, secretKey); - checkBoxLengths(publicKey, secretKey); - const k = new Uint8Array(crypto_box_BEFORENMBYTES); - crypto_box_beforenm(k, publicKey, secretKey); - return k; -} - -export const box_after = secretbox; - -export function box_open( - msg: Uint8Array, - nonce: Uint8Array, - publicKey: Uint8Array, - secretKey: Uint8Array, -) { - const k = box_before(publicKey, secretKey); - return secretbox_open(msg, nonce, k); -} - -export const box_open_after = secretbox_open; - -export function box_keyPair() { - const pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); - const sk = new Uint8Array(crypto_box_SECRETKEYBYTES); - crypto_box_keypair(pk, sk); - return { publicKey: pk, secretKey: sk }; -} - -export function box_keyPair_fromSecretKey(secretKey: Uint8Array) { - checkArrayTypes(secretKey); - if (secretKey.length !== crypto_box_SECRETKEYBYTES) - throw new Error("bad secret key size"); - const pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); - crypto_scalarmult_base(pk, secretKey); - return { publicKey: pk, secretKey: new Uint8Array(secretKey) }; -} - -export const box_publicKeyLength = crypto_box_PUBLICKEYBYTES; -export const box_secretKeyLength = crypto_box_SECRETKEYBYTES; -export const box_sharedKeyLength = crypto_box_BEFORENMBYTES; -export const box_nonceLength = crypto_box_NONCEBYTES; -export const box_overheadLength = secretbox_overheadLength; - -export function sign(msg: Uint8Array, secretKey: Uint8Array) { +export function sign(msg: Uint8Array, secretKey: 
Uint8Array): Uint8Array { checkArrayTypes(msg, secretKey); if (secretKey.length !== crypto_sign_SECRETKEYBYTES) throw new Error("bad secret key size"); @@ -2939,7 +1754,10 @@ export function sign(msg: Uint8Array, secretKey: Uint8Array) { return signedMsg; } -export function sign_open(signedMsg: Uint8Array, publicKey: Uint8Array) { +export function sign_open( + signedMsg: Uint8Array, + publicKey: Uint8Array, +): Uint8Array | null { checkArrayTypes(signedMsg, publicKey); if (publicKey.length !== crypto_sign_PUBLICKEYBYTES) throw new Error("bad public key size"); @@ -2951,7 +1769,10 @@ export function sign_open(signedMsg: Uint8Array, publicKey: Uint8Array) { return m; } -export function sign_detached(msg: Uint8Array, secretKey: Uint8Array) { +export function sign_detached( + msg: Uint8Array, + secretKey: Uint8Array, +): Uint8Array { const signedMsg = sign(msg, secretKey); const sig = new Uint8Array(crypto_sign_BYTES); for (let i = 0; i < sig.length; i++) sig[i] = signedMsg[i]; @@ -2962,7 +1783,7 @@ export function sign_detached_verify( msg: Uint8Array, sig: Uint8Array, publicKey: Uint8Array, -) { +): boolean { checkArrayTypes(msg, sig, publicKey); if (sig.length !== crypto_sign_BYTES) throw new Error("bad signature size"); if (publicKey.length !== crypto_sign_PUBLICKEYBYTES) @@ -2975,7 +1796,10 @@ export function sign_detached_verify( return crypto_sign_open(m, sm, sm.length, publicKey) >= 0; } -export function sign_keyPair() { +export function sign_keyPair(): { + publicKey: Uint8Array; + secretKey: Uint8Array; +} { const pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); const sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); crypto_sign_keypair(pk, sk, false); 
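Review bot: The return type `{ publicKey: Uint8Array; secretKey: Uint8Array }` is written out inline on `sign_keyPair` here and repeated verbatim on `sign_keyPair_fromSecretKey` and `sign_keyPair_fromSeed` in the following hunks. A single named type keeps the three signatures in step and gives callers something to import: `export interface SignKeyPair { publicKey: Uint8Array; secretKey: Uint8Array }`, then `export function sign_keyPair(): SignKeyPair {`. A doc line on that type could also record that `secretKey` is the 64-byte form checked against `crypto_sign_SECRETKEYBYTES`.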
@@ -3005,7 +1829,12 @@ export function x25519_edwards_keyPair_fromSecretKey( return pk; } -export function sign_keyPair_fromSecretKey(secretKey: Uint8Array) { +export function sign_keyPair_fromSecretKey( + secretKey: Uint8Array, +): { + publicKey: Uint8Array; + secretKey: Uint8Array; +} { checkArrayTypes(secretKey); if (secretKey.length !== crypto_sign_SECRETKEYBYTES) throw new Error("bad secret key size"); @@ -3014,7 +1843,12 @@ export function sign_keyPair_fromSecretKey(secretKey: Uint8Array) { return { publicKey: pk, secretKey: new Uint8Array(secretKey) }; } -export function sign_keyPair_fromSeed(seed: Uint8Array) { +export function sign_keyPair_fromSeed( + seed: Uint8Array, +): { + publicKey: Uint8Array; + secretKey: Uint8Array; +} { checkArrayTypes(seed); if (seed.length !== crypto_sign_SEEDBYTES) throw new Error("bad seed size"); const pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); @@ -3029,7 +1863,7 @@ export const sign_secretKeyLength = crypto_sign_SECRETKEYBYTES; export const sign_seedLength = crypto_sign_SEEDBYTES; export const sign_signatureLength = crypto_sign_BYTES; -export function hash(msg: Uint8Array) { +export function hash(msg: Uint8Array): Uint8Array { checkArrayTypes(msg); const h = new Uint8Array(crypto_hash_BYTES); crypto_hash(h, msg, msg.length); @@ -3038,7 +1872,7 @@ export function hash(msg: Uint8Array) { export const hash_hashLength = crypto_hash_BYTES; -export function verify(x: Uint8Array, y: Uint8Array) { +export function verify(x: Uint8Array, y: Uint8Array): boolean { checkArrayTypes(x, y); // Zero length arguments are considered not equal. if (x.length === 0 || y.length === 0) return false; @@ -3046,7 +1880,7 @@ export function verify(x: Uint8Array, y: Uint8Array) { return vn(x, 0, y, 0, x.length) === 0 ? true : false; } -export function setPRNG(fn: (x: Uint8Array, n: number) => void) { +export function setPRNG(fn: (x: Uint8Array, n: number) => void): void { randombytes = fn; } 
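Review bot: `verify` is exported with a `boolean` return type but no doc comment stating its timing contract, which is the reason to call it instead of comparing arrays directly. `vn` ORs the XOR of every byte pair before producing a result, so the content comparison has no early exit, but the zero-length check visible here returns immediately, and the line between this hunk and the next presumably does the same for mismatched lengths. Suggested comment: `/** Compares contents without an early exit; lengths are not hidden, and empty inputs always compare unequal. */`. In the next hunk, `=== 0 ? true : false` can be just `=== 0`.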
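Review bot: `setPRNG` assigns its argument to the module-wide `randombytes` with no check and no doc comment, so `randomBytes` and anything else that draws from `randombytes` afterwards depends entirely on the function the caller passed. Because it is exported, any module that imports this file can replace the random source for all other users of it. At minimum, document the requirement: `/** Replaces the module-wide random source; fn must fill x with n bytes from a cryptographically secure generator. */`. If nothing outside this file needs to call it, dropping the `export` would remove that exposure; whether anything does is not visible here.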
@@ -3084,8 +1918,8 @@ export function sign_ed25519_pk_to_curve25519( // Browsers. const QUOTA = 65536; setPRNG(function (x: Uint8Array, n: number) { - let i, - v = new Uint8Array(n); + let i; + const v = new Uint8Array(n); for (i = 0; i < n; i += QUOTA) { cr.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA))); } @@ -3094,12 +1928,12 @@ export function sign_ed25519_pk_to_curve25519( }); } else if (typeof require !== "undefined") { // Node.js. + // eslint-disable-next-line @typescript-eslint/no-var-requires const cr = require("crypto"); if (cr && cr.randomBytes) { setPRNG(function (x: Uint8Array, n: number) { - let i, - v = cr.randomBytes(n); - for (i = 0; i < n; i++) x[i] = v[i]; + const v = cr.randomBytes(n); + for (let i = 0; i < n; i++) x[i] = v[i]; cleanup(v); }); } |
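Review bot: The browser branch still declares `let i;` at callback scope, while the Node branch in the same commit moves its index into the loop header (`for (let i = 0; i < n; i++)`). For consistency, drop `let i;` from the browser branch and write `for (let i = 0; i < n; i += QUOTA) {`, with the same change on the copy loop that follows it outside this hunk. Separately, a short comment at the end of the `if`/`else if` chain would help the next reader: when neither branch installs a generator, `randombytes` remains the stub that throws "no PRNG", so the module fails closed rather than falling back to a weak source.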