[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-wallet-core] branch master updated: re-add secretbox functionalit
|
From: |
gnunet |
|
Subject: |
[taler-wallet-core] branch master updated: re-add secretbox functionality of nacl |
|
Date: |
Thu, 07 Jan 2021 15:31:12 +0100 |
This is an automated email from the git hooks/post-receive script.
dold pushed a commit to branch master
in repository wallet-core.
The following commit(s) were added to refs/heads/master by this push:
new e0f574e2 re-add secretbox functionality of nacl
e0f574e2 is described below
commit e0f574e23c0ec8f9666d0cc8ab16a886b580015b
Author: Florian Dold <florian@dold.me>
AuthorDate: Thu Jan 7 15:31:07 2021 +0100
re-add secretbox functionality of nacl
---
.../src/crypto/primitives/nacl-fast.ts | 1122 +++++++++++++++++++-
1 file changed, 1115 insertions(+), 7 deletions(-)
diff --git a/packages/taler-wallet-core/src/crypto/primitives/nacl-fast.ts
b/packages/taler-wallet-core/src/crypto/primitives/nacl-fast.ts
index 315e2bba..ceb60146 100644
--- a/packages/taler-wallet-core/src/crypto/primitives/nacl-fast.ts
+++ b/packages/taler-wallet-core/src/crypto/primitives/nacl-fast.ts
@@ -138,6 +138,15 @@ function vn(
return (1 & ((d - 1) >>> 8)) - 1;
}
+function crypto_verify_16(
+ x: Uint8Array,
+ xi: number,
+ y: Uint8Array,
+ yi: number,
+) {
+ return vn(x, xi, y, yi, 16);
+}
+
function crypto_verify_32(
x: Uint8Array,
xi: number,
@@ -147,6 +156,1068 @@ function crypto_verify_32(
return vn(x, xi, y, yi, 32);
}
+function core_salsa20(
+ o: Uint8Array,
+ p: Uint8Array,
+ k: Uint8Array,
+ c: Uint8Array,
+) {
+ var j0 =
+ (c[0] & 0xff) |
+ ((c[1] & 0xff) << 8) |
+ ((c[2] & 0xff) << 16) |
+ ((c[3] & 0xff) << 24),
+ j1 =
+ (k[0] & 0xff) |
+ ((k[1] & 0xff) << 8) |
+ ((k[2] & 0xff) << 16) |
+ ((k[3] & 0xff) << 24),
+ j2 =
+ (k[4] & 0xff) |
+ ((k[5] & 0xff) << 8) |
+ ((k[6] & 0xff) << 16) |
+ ((k[7] & 0xff) << 24),
+ j3 =
+ (k[8] & 0xff) |
+ ((k[9] & 0xff) << 8) |
+ ((k[10] & 0xff) << 16) |
+ ((k[11] & 0xff) << 24),
+ j4 =
+ (k[12] & 0xff) |
+ ((k[13] & 0xff) << 8) |
+ ((k[14] & 0xff) << 16) |
+ ((k[15] & 0xff) << 24),
+ j5 =
+ (c[4] & 0xff) |
+ ((c[5] & 0xff) << 8) |
+ ((c[6] & 0xff) << 16) |
+ ((c[7] & 0xff) << 24),
+ j6 =
+ (p[0] & 0xff) |
+ ((p[1] & 0xff) << 8) |
+ ((p[2] & 0xff) << 16) |
+ ((p[3] & 0xff) << 24),
+ j7 =
+ (p[4] & 0xff) |
+ ((p[5] & 0xff) << 8) |
+ ((p[6] & 0xff) << 16) |
+ ((p[7] & 0xff) << 24),
+ j8 =
+ (p[8] & 0xff) |
+ ((p[9] & 0xff) << 8) |
+ ((p[10] & 0xff) << 16) |
+ ((p[11] & 0xff) << 24),
+ j9 =
+ (p[12] & 0xff) |
+ ((p[13] & 0xff) << 8) |
+ ((p[14] & 0xff) << 16) |
+ ((p[15] & 0xff) << 24),
+ j10 =
+ (c[8] & 0xff) |
+ ((c[9] & 0xff) << 8) |
+ ((c[10] & 0xff) << 16) |
+ ((c[11] & 0xff) << 24),
+ j11 =
+ (k[16] & 0xff) |
+ ((k[17] & 0xff) << 8) |
+ ((k[18] & 0xff) << 16) |
+ ((k[19] & 0xff) << 24),
+ j12 =
+ (k[20] & 0xff) |
+ ((k[21] & 0xff) << 8) |
+ ((k[22] & 0xff) << 16) |
+ ((k[23] & 0xff) << 24),
+ j13 =
+ (k[24] & 0xff) |
+ ((k[25] & 0xff) << 8) |
+ ((k[26] & 0xff) << 16) |
+ ((k[27] & 0xff) << 24),
+ j14 =
+ (k[28] & 0xff) |
+ ((k[29] & 0xff) << 8) |
+ ((k[30] & 0xff) << 16) |
+ ((k[31] & 0xff) << 24),
+ j15 =
+ (c[12] & 0xff) |
+ ((c[13] & 0xff) << 8) |
+ ((c[14] & 0xff) << 16) |
+ ((c[15] & 0xff) << 24);
+
+ var x0 = j0,
+ x1 = j1,
+ x2 = j2,
+ x3 = j3,
+ x4 = j4,
+ x5 = j5,
+ x6 = j6,
+ x7 = j7,
+ x8 = j8,
+ x9 = j9,
+ x10 = j10,
+ x11 = j11,
+ x12 = j12,
+ x13 = j13,
+ x14 = j14,
+ x15 = j15,
+ u;
+
+ for (var i = 0; i < 20; i += 2) {
+ u = (x0 + x12) | 0;
+ x4 ^= (u << 7) | (u >>> (32 - 7));
+ u = (x4 + x0) | 0;
+ x8 ^= (u << 9) | (u >>> (32 - 9));
+ u = (x8 + x4) | 0;
+ x12 ^= (u << 13) | (u >>> (32 - 13));
+ u = (x12 + x8) | 0;
+ x0 ^= (u << 18) | (u >>> (32 - 18));
+
+ u = (x5 + x1) | 0;
+ x9 ^= (u << 7) | (u >>> (32 - 7));
+ u = (x9 + x5) | 0;
+ x13 ^= (u << 9) | (u >>> (32 - 9));
+ u = (x13 + x9) | 0;
+ x1 ^= (u << 13) | (u >>> (32 - 13));
+ u = (x1 + x13) | 0;
+ x5 ^= (u << 18) | (u >>> (32 - 18));
+
+ u = (x10 + x6) | 0;
+ x14 ^= (u << 7) | (u >>> (32 - 7));
+ u = (x14 + x10) | 0;
+ x2 ^= (u << 9) | (u >>> (32 - 9));
+ u = (x2 + x14) | 0;
+ x6 ^= (u << 13) | (u >>> (32 - 13));
+ u = (x6 + x2) | 0;
+ x10 ^= (u << 18) | (u >>> (32 - 18));
+
+ u = (x15 + x11) | 0;
+ x3 ^= (u << 7) | (u >>> (32 - 7));
+ u = (x3 + x15) | 0;
+ x7 ^= (u << 9) | (u >>> (32 - 9));
+ u = (x7 + x3) | 0;
+ x11 ^= (u << 13) | (u >>> (32 - 13));
+ u = (x11 + x7) | 0;
+ x15 ^= (u << 18) | (u >>> (32 - 18));
+
+ u = (x0 + x3) | 0;
+ x1 ^= (u << 7) | (u >>> (32 - 7));
+ u = (x1 + x0) | 0;
+ x2 ^= (u << 9) | (u >>> (32 - 9));
+ u = (x2 + x1) | 0;
+ x3 ^= (u << 13) | (u >>> (32 - 13));
+ u = (x3 + x2) | 0;
+ x0 ^= (u << 18) | (u >>> (32 - 18));
+
+ u = (x5 + x4) | 0;
+ x6 ^= (u << 7) | (u >>> (32 - 7));
+ u = (x6 + x5) | 0;
+ x7 ^= (u << 9) | (u >>> (32 - 9));
+ u = (x7 + x6) | 0;
+ x4 ^= (u << 13) | (u >>> (32 - 13));
+ u = (x4 + x7) | 0;
+ x5 ^= (u << 18) | (u >>> (32 - 18));
+
+ u = (x10 + x9) | 0;
+ x11 ^= (u << 7) | (u >>> (32 - 7));
+ u = (x11 + x10) | 0;
+ x8 ^= (u << 9) | (u >>> (32 - 9));
+ u = (x8 + x11) | 0;
+ x9 ^= (u << 13) | (u >>> (32 - 13));
+ u = (x9 + x8) | 0;
+ x10 ^= (u << 18) | (u >>> (32 - 18));
+
+ u = (x15 + x14) | 0;
+ x12 ^= (u << 7) | (u >>> (32 - 7));
+ u = (x12 + x15) | 0;
+ x13 ^= (u << 9) | (u >>> (32 - 9));
+ u = (x13 + x12) | 0;
+ x14 ^= (u << 13) | (u >>> (32 - 13));
+ u = (x14 + x13) | 0;
+ x15 ^= (u << 18) | (u >>> (32 - 18));
+ }
+ x0 = (x0 + j0) | 0;
+ x1 = (x1 + j1) | 0;
+ x2 = (x2 + j2) | 0;
+ x3 = (x3 + j3) | 0;
+ x4 = (x4 + j4) | 0;
+ x5 = (x5 + j5) | 0;
+ x6 = (x6 + j6) | 0;
+ x7 = (x7 + j7) | 0;
+ x8 = (x8 + j8) | 0;
+ x9 = (x9 + j9) | 0;
+ x10 = (x10 + j10) | 0;
+ x11 = (x11 + j11) | 0;
+ x12 = (x12 + j12) | 0;
+ x13 = (x13 + j13) | 0;
+ x14 = (x14 + j14) | 0;
+ x15 = (x15 + j15) | 0;
+
+ o[0] = (x0 >>> 0) & 0xff;
+ o[1] = (x0 >>> 8) & 0xff;
+ o[2] = (x0 >>> 16) & 0xff;
+ o[3] = (x0 >>> 24) & 0xff;
+
+ o[4] = (x1 >>> 0) & 0xff;
+ o[5] = (x1 >>> 8) & 0xff;
+ o[6] = (x1 >>> 16) & 0xff;
+ o[7] = (x1 >>> 24) & 0xff;
+
+ o[8] = (x2 >>> 0) & 0xff;
+ o[9] = (x2 >>> 8) & 0xff;
+ o[10] = (x2 >>> 16) & 0xff;
+ o[11] = (x2 >>> 24) & 0xff;
+
+ o[12] = (x3 >>> 0) & 0xff;
+ o[13] = (x3 >>> 8) & 0xff;
+ o[14] = (x3 >>> 16) & 0xff;
+ o[15] = (x3 >>> 24) & 0xff;
+
+ o[16] = (x4 >>> 0) & 0xff;
+ o[17] = (x4 >>> 8) & 0xff;
+ o[18] = (x4 >>> 16) & 0xff;
+ o[19] = (x4 >>> 24) & 0xff;
+
+ o[20] = (x5 >>> 0) & 0xff;
+ o[21] = (x5 >>> 8) & 0xff;
+ o[22] = (x5 >>> 16) & 0xff;
+ o[23] = (x5 >>> 24) & 0xff;
+
+ o[24] = (x6 >>> 0) & 0xff;
+ o[25] = (x6 >>> 8) & 0xff;
+ o[26] = (x6 >>> 16) & 0xff;
+ o[27] = (x6 >>> 24) & 0xff;
+
+ o[28] = (x7 >>> 0) & 0xff;
+ o[29] = (x7 >>> 8) & 0xff;
+ o[30] = (x7 >>> 16) & 0xff;
+ o[31] = (x7 >>> 24) & 0xff;
+
+ o[32] = (x8 >>> 0) & 0xff;
+ o[33] = (x8 >>> 8) & 0xff;
+ o[34] = (x8 >>> 16) & 0xff;
+ o[35] = (x8 >>> 24) & 0xff;
+
+ o[36] = (x9 >>> 0) & 0xff;
+ o[37] = (x9 >>> 8) & 0xff;
+ o[38] = (x9 >>> 16) & 0xff;
+ o[39] = (x9 >>> 24) & 0xff;
+
+ o[40] = (x10 >>> 0) & 0xff;
+ o[41] = (x10 >>> 8) & 0xff;
+ o[42] = (x10 >>> 16) & 0xff;
+ o[43] = (x10 >>> 24) & 0xff;
+
+ o[44] = (x11 >>> 0) & 0xff;
+ o[45] = (x11 >>> 8) & 0xff;
+ o[46] = (x11 >>> 16) & 0xff;
+ o[47] = (x11 >>> 24) & 0xff;
+
+ o[48] = (x12 >>> 0) & 0xff;
+ o[49] = (x12 >>> 8) & 0xff;
+ o[50] = (x12 >>> 16) & 0xff;
+ o[51] = (x12 >>> 24) & 0xff;
+
+ o[52] = (x13 >>> 0) & 0xff;
+ o[53] = (x13 >>> 8) & 0xff;
+ o[54] = (x13 >>> 16) & 0xff;
+ o[55] = (x13 >>> 24) & 0xff;
+
+ o[56] = (x14 >>> 0) & 0xff;
+ o[57] = (x14 >>> 8) & 0xff;
+ o[58] = (x14 >>> 16) & 0xff;
+ o[59] = (x14 >>> 24) & 0xff;
+
+ o[60] = (x15 >>> 0) & 0xff;
+ o[61] = (x15 >>> 8) & 0xff;
+ o[62] = (x15 >>> 16) & 0xff;
+ o[63] = (x15 >>> 24) & 0xff;
+}
+
+function core_hsalsa20(
+ o: Uint8Array,
+ p: Uint8Array,
+ k: Uint8Array,
+ c: Uint8Array,
+) {
+ var j0 =
+ (c[0] & 0xff) |
+ ((c[1] & 0xff) << 8) |
+ ((c[2] & 0xff) << 16) |
+ ((c[3] & 0xff) << 24),
+ j1 =
+ (k[0] & 0xff) |
+ ((k[1] & 0xff) << 8) |
+ ((k[2] & 0xff) << 16) |
+ ((k[3] & 0xff) << 24),
+ j2 =
+ (k[4] & 0xff) |
+ ((k[5] & 0xff) << 8) |
+ ((k[6] & 0xff) << 16) |
+ ((k[7] & 0xff) << 24),
+ j3 =
+ (k[8] & 0xff) |
+ ((k[9] & 0xff) << 8) |
+ ((k[10] & 0xff) << 16) |
+ ((k[11] & 0xff) << 24),
+ j4 =
+ (k[12] & 0xff) |
+ ((k[13] & 0xff) << 8) |
+ ((k[14] & 0xff) << 16) |
+ ((k[15] & 0xff) << 24),
+ j5 =
+ (c[4] & 0xff) |
+ ((c[5] & 0xff) << 8) |
+ ((c[6] & 0xff) << 16) |
+ ((c[7] & 0xff) << 24),
+ j6 =
+ (p[0] & 0xff) |
+ ((p[1] & 0xff) << 8) |
+ ((p[2] & 0xff) << 16) |
+ ((p[3] & 0xff) << 24),
+ j7 =
+ (p[4] & 0xff) |
+ ((p[5] & 0xff) << 8) |
+ ((p[6] & 0xff) << 16) |
+ ((p[7] & 0xff) << 24),
+ j8 =
+ (p[8] & 0xff) |
+ ((p[9] & 0xff) << 8) |
+ ((p[10] & 0xff) << 16) |
+ ((p[11] & 0xff) << 24),
+ j9 =
+ (p[12] & 0xff) |
+ ((p[13] & 0xff) << 8) |
+ ((p[14] & 0xff) << 16) |
+ ((p[15] & 0xff) << 24),
+ j10 =
+ (c[8] & 0xff) |
+ ((c[9] & 0xff) << 8) |
+ ((c[10] & 0xff) << 16) |
+ ((c[11] & 0xff) << 24),
+ j11 =
+ (k[16] & 0xff) |
+ ((k[17] & 0xff) << 8) |
+ ((k[18] & 0xff) << 16) |
+ ((k[19] & 0xff) << 24),
+ j12 =
+ (k[20] & 0xff) |
+ ((k[21] & 0xff) << 8) |
+ ((k[22] & 0xff) << 16) |
+ ((k[23] & 0xff) << 24),
+ j13 =
+ (k[24] & 0xff) |
+ ((k[25] & 0xff) << 8) |
+ ((k[26] & 0xff) << 16) |
+ ((k[27] & 0xff) << 24),
+ j14 =
+ (k[28] & 0xff) |
+ ((k[29] & 0xff) << 8) |
+ ((k[30] & 0xff) << 16) |
+ ((k[31] & 0xff) << 24),
+ j15 =
+ (c[12] & 0xff) |
+ ((c[13] & 0xff) << 8) |
+ ((c[14] & 0xff) << 16) |
+ ((c[15] & 0xff) << 24);
+
+ var x0 = j0,
+ x1 = j1,
+ x2 = j2,
+ x3 = j3,
+ x4 = j4,
+ x5 = j5,
+ x6 = j6,
+ x7 = j7,
+ x8 = j8,
+ x9 = j9,
+ x10 = j10,
+ x11 = j11,
+ x12 = j12,
+ x13 = j13,
+ x14 = j14,
+ x15 = j15,
+ u;
+
+ for (var i = 0; i < 20; i += 2) {
+ u = (x0 + x12) | 0;
+ x4 ^= (u << 7) | (u >>> (32 - 7));
+ u = (x4 + x0) | 0;
+ x8 ^= (u << 9) | (u >>> (32 - 9));
+ u = (x8 + x4) | 0;
+ x12 ^= (u << 13) | (u >>> (32 - 13));
+ u = (x12 + x8) | 0;
+ x0 ^= (u << 18) | (u >>> (32 - 18));
+
+ u = (x5 + x1) | 0;
+ x9 ^= (u << 7) | (u >>> (32 - 7));
+ u = (x9 + x5) | 0;
+ x13 ^= (u << 9) | (u >>> (32 - 9));
+ u = (x13 + x9) | 0;
+ x1 ^= (u << 13) | (u >>> (32 - 13));
+ u = (x1 + x13) | 0;
+ x5 ^= (u << 18) | (u >>> (32 - 18));
+
+ u = (x10 + x6) | 0;
+ x14 ^= (u << 7) | (u >>> (32 - 7));
+ u = (x14 + x10) | 0;
+ x2 ^= (u << 9) | (u >>> (32 - 9));
+ u = (x2 + x14) | 0;
+ x6 ^= (u << 13) | (u >>> (32 - 13));
+ u = (x6 + x2) | 0;
+ x10 ^= (u << 18) | (u >>> (32 - 18));
+
+ u = (x15 + x11) | 0;
+ x3 ^= (u << 7) | (u >>> (32 - 7));
+ u = (x3 + x15) | 0;
+ x7 ^= (u << 9) | (u >>> (32 - 9));
+ u = (x7 + x3) | 0;
+ x11 ^= (u << 13) | (u >>> (32 - 13));
+ u = (x11 + x7) | 0;
+ x15 ^= (u << 18) | (u >>> (32 - 18));
+
+ u = (x0 + x3) | 0;
+ x1 ^= (u << 7) | (u >>> (32 - 7));
+ u = (x1 + x0) | 0;
+ x2 ^= (u << 9) | (u >>> (32 - 9));
+ u = (x2 + x1) | 0;
+ x3 ^= (u << 13) | (u >>> (32 - 13));
+ u = (x3 + x2) | 0;
+ x0 ^= (u << 18) | (u >>> (32 - 18));
+
+ u = (x5 + x4) | 0;
+ x6 ^= (u << 7) | (u >>> (32 - 7));
+ u = (x6 + x5) | 0;
+ x7 ^= (u << 9) | (u >>> (32 - 9));
+ u = (x7 + x6) | 0;
+ x4 ^= (u << 13) | (u >>> (32 - 13));
+ u = (x4 + x7) | 0;
+ x5 ^= (u << 18) | (u >>> (32 - 18));
+
+ u = (x10 + x9) | 0;
+ x11 ^= (u << 7) | (u >>> (32 - 7));
+ u = (x11 + x10) | 0;
+ x8 ^= (u << 9) | (u >>> (32 - 9));
+ u = (x8 + x11) | 0;
+ x9 ^= (u << 13) | (u >>> (32 - 13));
+ u = (x9 + x8) | 0;
+ x10 ^= (u << 18) | (u >>> (32 - 18));
+
+ u = (x15 + x14) | 0;
+ x12 ^= (u << 7) | (u >>> (32 - 7));
+ u = (x12 + x15) | 0;
+ x13 ^= (u << 9) | (u >>> (32 - 9));
+ u = (x13 + x12) | 0;
+ x14 ^= (u << 13) | (u >>> (32 - 13));
+ u = (x14 + x13) | 0;
+ x15 ^= (u << 18) | (u >>> (32 - 18));
+ }
+
+ o[0] = (x0 >>> 0) & 0xff;
+ o[1] = (x0 >>> 8) & 0xff;
+ o[2] = (x0 >>> 16) & 0xff;
+ o[3] = (x0 >>> 24) & 0xff;
+
+ o[4] = (x5 >>> 0) & 0xff;
+ o[5] = (x5 >>> 8) & 0xff;
+ o[6] = (x5 >>> 16) & 0xff;
+ o[7] = (x5 >>> 24) & 0xff;
+
+ o[8] = (x10 >>> 0) & 0xff;
+ o[9] = (x10 >>> 8) & 0xff;
+ o[10] = (x10 >>> 16) & 0xff;
+ o[11] = (x10 >>> 24) & 0xff;
+
+ o[12] = (x15 >>> 0) & 0xff;
+ o[13] = (x15 >>> 8) & 0xff;
+ o[14] = (x15 >>> 16) & 0xff;
+ o[15] = (x15 >>> 24) & 0xff;
+
+ o[16] = (x6 >>> 0) & 0xff;
+ o[17] = (x6 >>> 8) & 0xff;
+ o[18] = (x6 >>> 16) & 0xff;
+ o[19] = (x6 >>> 24) & 0xff;
+
+ o[20] = (x7 >>> 0) & 0xff;
+ o[21] = (x7 >>> 8) & 0xff;
+ o[22] = (x7 >>> 16) & 0xff;
+ o[23] = (x7 >>> 24) & 0xff;
+
+ o[24] = (x8 >>> 0) & 0xff;
+ o[25] = (x8 >>> 8) & 0xff;
+ o[26] = (x8 >>> 16) & 0xff;
+ o[27] = (x8 >>> 24) & 0xff;
+
+ o[28] = (x9 >>> 0) & 0xff;
+ o[29] = (x9 >>> 8) & 0xff;
+ o[30] = (x9 >>> 16) & 0xff;
+ o[31] = (x9 >>> 24) & 0xff;
+}
+
+var sigma = new Uint8Array([
+ 101,
+ 120,
+ 112,
+ 97,
+ 110,
+ 100,
+ 32,
+ 51,
+ 50,
+ 45,
+ 98,
+ 121,
+ 116,
+ 101,
+ 32,
+ 107,
+]);
+// "expand 32-byte k"
+
+function crypto_stream_salsa20_xor(
+ c: Uint8Array,
+ cpos: number,
+ m: Uint8Array,
+ mpos: number,
+ b: number,
+ n: Uint8Array,
+ k: Uint8Array,
+) {
+ var z = new Uint8Array(16),
+ x = new Uint8Array(64);
+ var u, i;
+ for (i = 0; i < 16; i++) z[i] = 0;
+ for (i = 0; i < 8; i++) z[i] = n[i];
+ while (b >= 64) {
+ core_salsa20(x, z, k, sigma);
+ for (i = 0; i < 64; i++) c[cpos + i] = m[mpos + i] ^ x[i];
+ u = 1;
+ for (i = 8; i < 16; i++) {
+ u = (u + (z[i] & 0xff)) | 0;
+ z[i] = u & 0xff;
+ u >>>= 8;
+ }
+ b -= 64;
+ cpos += 64;
+ mpos += 64;
+ }
+ if (b > 0) {
+ core_salsa20(x, z, k, sigma);
+ for (i = 0; i < b; i++) c[cpos + i] = m[mpos + i] ^ x[i];
+ }
+ return 0;
+}
+
+function crypto_stream_salsa20(
+ c: Uint8Array,
+ cpos: number,
+ b: number,
+ n: Uint8Array,
+ k: Uint8Array,
+) {
+ var z = new Uint8Array(16),
+ x = new Uint8Array(64);
+ var u, i;
+ for (i = 0; i < 16; i++) z[i] = 0;
+ for (i = 0; i < 8; i++) z[i] = n[i];
+ while (b >= 64) {
+ core_salsa20(x, z, k, sigma);
+ for (i = 0; i < 64; i++) c[cpos + i] = x[i];
+ u = 1;
+ for (i = 8; i < 16; i++) {
+ u = (u + (z[i] & 0xff)) | 0;
+ z[i] = u & 0xff;
+ u >>>= 8;
+ }
+ b -= 64;
+ cpos += 64;
+ }
+ if (b > 0) {
+ core_salsa20(x, z, k, sigma);
+ for (i = 0; i < b; i++) c[cpos + i] = x[i];
+ }
+ return 0;
+}
+
+function crypto_stream(
+ c: Uint8Array,
+ cpos: number,
+ d: number,
+ n: Uint8Array,
+ k: Uint8Array,
+) {
+ var s = new Uint8Array(32);
+ core_hsalsa20(s, n, k, sigma);
+ var sn = new Uint8Array(8);
+ for (var i = 0; i < 8; i++) sn[i] = n[i + 16];
+ return crypto_stream_salsa20(c, cpos, d, sn, s);
+}
+
+function crypto_stream_xor(
+ c: Uint8Array,
+ cpos: number,
+ m: Uint8Array,
+ mpos: number,
+ d: number,
+ n: Uint8Array,
+ k: Uint8Array,
+) {
+ var s = new Uint8Array(32);
+ core_hsalsa20(s, n, k, sigma);
+ var sn = new Uint8Array(8);
+ for (var i = 0; i < 8; i++) sn[i] = n[i + 16];
+ return crypto_stream_salsa20_xor(c, cpos, m, mpos, d, sn, s);
+}
+
+/*
+ * Port of Andrew Moon's Poly1305-donna-16. Public domain.
+ * https://github.com/floodyberry/poly1305-donna
+ */
+
+class poly1305 {
+ buffer = new Uint8Array(16);
+ r = new Uint16Array(10);
+ h = new Uint16Array(10);
+ pad = new Uint16Array(8);
+ leftover = 0;
+ fin = 0;
+
+ constructor(key: Uint8Array) {
+ var t0, t1, t2, t3, t4, t5, t6, t7;
+
+ t0 = (key[0] & 0xff) | ((key[1] & 0xff) << 8);
+ this.r[0] = t0 & 0x1fff;
+ t1 = (key[2] & 0xff) | ((key[3] & 0xff) << 8);
+ this.r[1] = ((t0 >>> 13) | (t1 << 3)) & 0x1fff;
+ t2 = (key[4] & 0xff) | ((key[5] & 0xff) << 8);
+ this.r[2] = ((t1 >>> 10) | (t2 << 6)) & 0x1f03;
+ t3 = (key[6] & 0xff) | ((key[7] & 0xff) << 8);
+ this.r[3] = ((t2 >>> 7) | (t3 << 9)) & 0x1fff;
+ t4 = (key[8] & 0xff) | ((key[9] & 0xff) << 8);
+ this.r[4] = ((t3 >>> 4) | (t4 << 12)) & 0x00ff;
+ this.r[5] = (t4 >>> 1) & 0x1ffe;
+ t5 = (key[10] & 0xff) | ((key[11] & 0xff) << 8);
+ this.r[6] = ((t4 >>> 14) | (t5 << 2)) & 0x1fff;
+ t6 = (key[12] & 0xff) | ((key[13] & 0xff) << 8);
+ this.r[7] = ((t5 >>> 11) | (t6 << 5)) & 0x1f81;
+ t7 = (key[14] & 0xff) | ((key[15] & 0xff) << 8);
+ this.r[8] = ((t6 >>> 8) | (t7 << 8)) & 0x1fff;
+ this.r[9] = (t7 >>> 5) & 0x007f;
+
+ this.pad[0] = (key[16] & 0xff) | ((key[17] & 0xff) << 8);
+ this.pad[1] = (key[18] & 0xff) | ((key[19] & 0xff) << 8);
+ this.pad[2] = (key[20] & 0xff) | ((key[21] & 0xff) << 8);
+ this.pad[3] = (key[22] & 0xff) | ((key[23] & 0xff) << 8);
+ this.pad[4] = (key[24] & 0xff) | ((key[25] & 0xff) << 8);
+ this.pad[5] = (key[26] & 0xff) | ((key[27] & 0xff) << 8);
+ this.pad[6] = (key[28] & 0xff) | ((key[29] & 0xff) << 8);
+ this.pad[7] = (key[30] & 0xff) | ((key[31] & 0xff) << 8);
+ }
+
+ blocks(m: Uint8Array, mpos: number, bytes: number) {
+ var hibit = this.fin ? 0 : 1 << 11;
+ var t0, t1, t2, t3, t4, t5, t6, t7, c;
+ var d0, d1, d2, d3, d4, d5, d6, d7, d8, d9;
+
+ var h0 = this.h[0],
+ h1 = this.h[1],
+ h2 = this.h[2],
+ h3 = this.h[3],
+ h4 = this.h[4],
+ h5 = this.h[5],
+ h6 = this.h[6],
+ h7 = this.h[7],
+ h8 = this.h[8],
+ h9 = this.h[9];
+
+ var r0 = this.r[0],
+ r1 = this.r[1],
+ r2 = this.r[2],
+ r3 = this.r[3],
+ r4 = this.r[4],
+ r5 = this.r[5],
+ r6 = this.r[6],
+ r7 = this.r[7],
+ r8 = this.r[8],
+ r9 = this.r[9];
+
+ while (bytes >= 16) {
+ t0 = (m[mpos + 0] & 0xff) | ((m[mpos + 1] & 0xff) << 8);
+ h0 += t0 & 0x1fff;
+ t1 = (m[mpos + 2] & 0xff) | ((m[mpos + 3] & 0xff) << 8);
+ h1 += ((t0 >>> 13) | (t1 << 3)) & 0x1fff;
+ t2 = (m[mpos + 4] & 0xff) | ((m[mpos + 5] & 0xff) << 8);
+ h2 += ((t1 >>> 10) | (t2 << 6)) & 0x1fff;
+ t3 = (m[mpos + 6] & 0xff) | ((m[mpos + 7] & 0xff) << 8);
+ h3 += ((t2 >>> 7) | (t3 << 9)) & 0x1fff;
+ t4 = (m[mpos + 8] & 0xff) | ((m[mpos + 9] & 0xff) << 8);
+ h4 += ((t3 >>> 4) | (t4 << 12)) & 0x1fff;
+ h5 += (t4 >>> 1) & 0x1fff;
+ t5 = (m[mpos + 10] & 0xff) | ((m[mpos + 11] & 0xff) << 8);
+ h6 += ((t4 >>> 14) | (t5 << 2)) & 0x1fff;
+ t6 = (m[mpos + 12] & 0xff) | ((m[mpos + 13] & 0xff) << 8);
+ h7 += ((t5 >>> 11) | (t6 << 5)) & 0x1fff;
+ t7 = (m[mpos + 14] & 0xff) | ((m[mpos + 15] & 0xff) << 8);
+ h8 += ((t6 >>> 8) | (t7 << 8)) & 0x1fff;
+ h9 += (t7 >>> 5) | hibit;
+
+ c = 0;
+
+ d0 = c;
+ d0 += h0 * r0;
+ d0 += h1 * (5 * r9);
+ d0 += h2 * (5 * r8);
+ d0 += h3 * (5 * r7);
+ d0 += h4 * (5 * r6);
+ c = d0 >>> 13;
+ d0 &= 0x1fff;
+ d0 += h5 * (5 * r5);
+ d0 += h6 * (5 * r4);
+ d0 += h7 * (5 * r3);
+ d0 += h8 * (5 * r2);
+ d0 += h9 * (5 * r1);
+ c += d0 >>> 13;
+ d0 &= 0x1fff;
+
+ d1 = c;
+ d1 += h0 * r1;
+ d1 += h1 * r0;
+ d1 += h2 * (5 * r9);
+ d1 += h3 * (5 * r8);
+ d1 += h4 * (5 * r7);
+ c = d1 >>> 13;
+ d1 &= 0x1fff;
+ d1 += h5 * (5 * r6);
+ d1 += h6 * (5 * r5);
+ d1 += h7 * (5 * r4);
+ d1 += h8 * (5 * r3);
+ d1 += h9 * (5 * r2);
+ c += d1 >>> 13;
+ d1 &= 0x1fff;
+
+ d2 = c;
+ d2 += h0 * r2;
+ d2 += h1 * r1;
+ d2 += h2 * r0;
+ d2 += h3 * (5 * r9);
+ d2 += h4 * (5 * r8);
+ c = d2 >>> 13;
+ d2 &= 0x1fff;
+ d2 += h5 * (5 * r7);
+ d2 += h6 * (5 * r6);
+ d2 += h7 * (5 * r5);
+ d2 += h8 * (5 * r4);
+ d2 += h9 * (5 * r3);
+ c += d2 >>> 13;
+ d2 &= 0x1fff;
+
+ d3 = c;
+ d3 += h0 * r3;
+ d3 += h1 * r2;
+ d3 += h2 * r1;
+ d3 += h3 * r0;
+ d3 += h4 * (5 * r9);
+ c = d3 >>> 13;
+ d3 &= 0x1fff;
+ d3 += h5 * (5 * r8);
+ d3 += h6 * (5 * r7);
+ d3 += h7 * (5 * r6);
+ d3 += h8 * (5 * r5);
+ d3 += h9 * (5 * r4);
+ c += d3 >>> 13;
+ d3 &= 0x1fff;
+
+ d4 = c;
+ d4 += h0 * r4;
+ d4 += h1 * r3;
+ d4 += h2 * r2;
+ d4 += h3 * r1;
+ d4 += h4 * r0;
+ c = d4 >>> 13;
+ d4 &= 0x1fff;
+ d4 += h5 * (5 * r9);
+ d4 += h6 * (5 * r8);
+ d4 += h7 * (5 * r7);
+ d4 += h8 * (5 * r6);
+ d4 += h9 * (5 * r5);
+ c += d4 >>> 13;
+ d4 &= 0x1fff;
+
+ d5 = c;
+ d5 += h0 * r5;
+ d5 += h1 * r4;
+ d5 += h2 * r3;
+ d5 += h3 * r2;
+ d5 += h4 * r1;
+ c = d5 >>> 13;
+ d5 &= 0x1fff;
+ d5 += h5 * r0;
+ d5 += h6 * (5 * r9);
+ d5 += h7 * (5 * r8);
+ d5 += h8 * (5 * r7);
+ d5 += h9 * (5 * r6);
+ c += d5 >>> 13;
+ d5 &= 0x1fff;
+
+ d6 = c;
+ d6 += h0 * r6;
+ d6 += h1 * r5;
+ d6 += h2 * r4;
+ d6 += h3 * r3;
+ d6 += h4 * r2;
+ c = d6 >>> 13;
+ d6 &= 0x1fff;
+ d6 += h5 * r1;
+ d6 += h6 * r0;
+ d6 += h7 * (5 * r9);
+ d6 += h8 * (5 * r8);
+ d6 += h9 * (5 * r7);
+ c += d6 >>> 13;
+ d6 &= 0x1fff;
+
+ d7 = c;
+ d7 += h0 * r7;
+ d7 += h1 * r6;
+ d7 += h2 * r5;
+ d7 += h3 * r4;
+ d7 += h4 * r3;
+ c = d7 >>> 13;
+ d7 &= 0x1fff;
+ d7 += h5 * r2;
+ d7 += h6 * r1;
+ d7 += h7 * r0;
+ d7 += h8 * (5 * r9);
+ d7 += h9 * (5 * r8);
+ c += d7 >>> 13;
+ d7 &= 0x1fff;
+
+ d8 = c;
+ d8 += h0 * r8;
+ d8 += h1 * r7;
+ d8 += h2 * r6;
+ d8 += h3 * r5;
+ d8 += h4 * r4;
+ c = d8 >>> 13;
+ d8 &= 0x1fff;
+ d8 += h5 * r3;
+ d8 += h6 * r2;
+ d8 += h7 * r1;
+ d8 += h8 * r0;
+ d8 += h9 * (5 * r9);
+ c += d8 >>> 13;
+ d8 &= 0x1fff;
+
+ d9 = c;
+ d9 += h0 * r9;
+ d9 += h1 * r8;
+ d9 += h2 * r7;
+ d9 += h3 * r6;
+ d9 += h4 * r5;
+ c = d9 >>> 13;
+ d9 &= 0x1fff;
+ d9 += h5 * r4;
+ d9 += h6 * r3;
+ d9 += h7 * r2;
+ d9 += h8 * r1;
+ d9 += h9 * r0;
+ c += d9 >>> 13;
+ d9 &= 0x1fff;
+
+ c = ((c << 2) + c) | 0;
+ c = (c + d0) | 0;
+ d0 = c & 0x1fff;
+ c = c >>> 13;
+ d1 += c;
+
+ h0 = d0;
+ h1 = d1;
+ h2 = d2;
+ h3 = d3;
+ h4 = d4;
+ h5 = d5;
+ h6 = d6;
+ h7 = d7;
+ h8 = d8;
+ h9 = d9;
+
+ mpos += 16;
+ bytes -= 16;
+ }
+ this.h[0] = h0;
+ this.h[1] = h1;
+ this.h[2] = h2;
+ this.h[3] = h3;
+ this.h[4] = h4;
+ this.h[5] = h5;
+ this.h[6] = h6;
+ this.h[7] = h7;
+ this.h[8] = h8;
+ this.h[9] = h9;
+ }
+
+ finish(mac: Uint8Array, macpos: number) {
+ var g = new Uint16Array(10);
+ var c, mask, f, i;
+
+ if (this.leftover) {
+ i = this.leftover;
+ this.buffer[i++] = 1;
+ for (; i < 16; i++) this.buffer[i] = 0;
+ this.fin = 1;
+ this.blocks(this.buffer, 0, 16);
+ }
+
+ c = this.h[1] >>> 13;
+ this.h[1] &= 0x1fff;
+ for (i = 2; i < 10; i++) {
+ this.h[i] += c;
+ c = this.h[i] >>> 13;
+ this.h[i] &= 0x1fff;
+ }
+ this.h[0] += c * 5;
+ c = this.h[0] >>> 13;
+ this.h[0] &= 0x1fff;
+ this.h[1] += c;
+ c = this.h[1] >>> 13;
+ this.h[1] &= 0x1fff;
+ this.h[2] += c;
+
+ g[0] = this.h[0] + 5;
+ c = g[0] >>> 13;
+ g[0] &= 0x1fff;
+ for (i = 1; i < 10; i++) {
+ g[i] = this.h[i] + c;
+ c = g[i] >>> 13;
+ g[i] &= 0x1fff;
+ }
+ g[9] -= 1 << 13;
+
+ mask = (c ^ 1) - 1;
+ for (i = 0; i < 10; i++) g[i] &= mask;
+ mask = ~mask;
+ for (i = 0; i < 10; i++) this.h[i] = (this.h[i] & mask) | g[i];
+
+ this.h[0] = (this.h[0] | (this.h[1] << 13)) & 0xffff;
+ this.h[1] = ((this.h[1] >>> 3) | (this.h[2] << 10)) & 0xffff;
+ this.h[2] = ((this.h[2] >>> 6) | (this.h[3] << 7)) & 0xffff;
+ this.h[3] = ((this.h[3] >>> 9) | (this.h[4] << 4)) & 0xffff;
+ this.h[4] =
+ ((this.h[4] >>> 12) | (this.h[5] << 1) | (this.h[6] << 14)) & 0xffff;
+ this.h[5] = ((this.h[6] >>> 2) | (this.h[7] << 11)) & 0xffff;
+ this.h[6] = ((this.h[7] >>> 5) | (this.h[8] << 8)) & 0xffff;
+ this.h[7] = ((this.h[8] >>> 8) | (this.h[9] << 5)) & 0xffff;
+
+ f = this.h[0] + this.pad[0];
+ this.h[0] = f & 0xffff;
+ for (i = 1; i < 8; i++) {
+ f = (((this.h[i] + this.pad[i]) | 0) + (f >>> 16)) | 0;
+ this.h[i] = f & 0xffff;
+ }
+
+ mac[macpos + 0] = (this.h[0] >>> 0) & 0xff;
+ mac[macpos + 1] = (this.h[0] >>> 8) & 0xff;
+ mac[macpos + 2] = (this.h[1] >>> 0) & 0xff;
+ mac[macpos + 3] = (this.h[1] >>> 8) & 0xff;
+ mac[macpos + 4] = (this.h[2] >>> 0) & 0xff;
+ mac[macpos + 5] = (this.h[2] >>> 8) & 0xff;
+ mac[macpos + 6] = (this.h[3] >>> 0) & 0xff;
+ mac[macpos + 7] = (this.h[3] >>> 8) & 0xff;
+ mac[macpos + 8] = (this.h[4] >>> 0) & 0xff;
+ mac[macpos + 9] = (this.h[4] >>> 8) & 0xff;
+ mac[macpos + 10] = (this.h[5] >>> 0) & 0xff;
+ mac[macpos + 11] = (this.h[5] >>> 8) & 0xff;
+ mac[macpos + 12] = (this.h[6] >>> 0) & 0xff;
+ mac[macpos + 13] = (this.h[6] >>> 8) & 0xff;
+ mac[macpos + 14] = (this.h[7] >>> 0) & 0xff;
+ mac[macpos + 15] = (this.h[7] >>> 8) & 0xff;
+ }
+
+ update(m: Uint8Array, mpos: number, bytes: number) {
+ let i: number;
+ let want: number;
+ if (this.leftover) {
+ want = 16 - this.leftover;
+ if (want > bytes) want = bytes;
+ for (i = 0; i < want; i++) this.buffer[this.leftover + i] = m[mpos + i];
+ bytes -= want;
+ mpos += want;
+ this.leftover += want;
+ if (this.leftover < 16) return;
+ this.blocks(this.buffer, 0, 16);
+ this.leftover = 0;
+ }
+
+ if (bytes >= 16) {
+ want = bytes - (bytes % 16);
+ this.blocks(m, mpos, want);
+ mpos += want;
+ bytes -= want;
+ }
+
+ if (bytes) {
+ for (i = 0; i < bytes; i++) this.buffer[this.leftover + i] = m[mpos + i];
+ this.leftover += bytes;
+ }
+ }
+}
+
+function crypto_onetimeauth(
+ out: Uint8Array,
+ outpos: number,
+ m: any,
+ mpos: number,
+ n: number,
+ k: Uint8Array,
+) {
+ var s = new poly1305(k);
+ s.update(m, mpos, n);
+ s.finish(out, outpos);
+ return 0;
+}
+
+function crypto_onetimeauth_verify(
+ h: Uint8Array,
+ hpos: number,
+ m: any,
+ mpos: number,
+ n: number,
+ k: Uint8Array,
+) {
+ var x = new Uint8Array(16);
+ crypto_onetimeauth(x, 0, m, mpos, n, k);
+ return crypto_verify_16(h, hpos, x, 0);
+}
+
+function crypto_secretbox(
+ c: Uint8Array,
+ m: Uint8Array,
+ d: number,
+ n: Uint8Array,
+ k: Uint8Array,
+): number {
+ var i;
+ if (d < 32) return -1;
+ crypto_stream_xor(c, 0, m, 0, d, n, k);
+ crypto_onetimeauth(c, 16, c, 32, d - 32, c);
+ for (i = 0; i < 16; i++) c[i] = 0;
+ return 0;
+}
+
+function crypto_secretbox_open(
+ m: Uint8Array,
+ c: Uint8Array,
+ d: number,
+ n: Uint8Array,
+ k: Uint8Array,
+): number {
+ var i;
+ var x = new Uint8Array(32);
+ if (d < 32) return -1;
+ crypto_stream(x, 0, 32, n, k);
+ if (crypto_onetimeauth_verify(c, 16, c, 32, d - 32, x) !== 0) return -1;
+ crypto_stream_xor(m, 0, c, 0, d, n, k);
+ for (i = 0; i < 32; i++) m[i] = 0;
+ return 0;
+}
+
function set25519(r: Float64Array, a: Float64Array): void {
let i;
for (i = 0; i < 16; i++) r[i] = a[i] | 0;
@@ -1698,16 +2769,26 @@ function crypto_sign_open(
return mlen;
}
-const crypto_scalarmult_BYTES = 32,
- crypto_scalarmult_SCALARBYTES = 32,
- crypto_sign_BYTES = 64,
- crypto_sign_PUBLICKEYBYTES = 32,
- crypto_sign_SECRETKEYBYTES = 64,
- crypto_sign_SEEDBYTES = 32,
- crypto_hash_BYTES = 64;
+const crypto_secretbox_KEYBYTES = 32;
+const crypto_secretbox_NONCEBYTES = 24;
+const crypto_secretbox_ZEROBYTES = 32;
+const crypto_secretbox_BOXZEROBYTES = 16;
+const crypto_scalarmult_BYTES = 32;
+const crypto_scalarmult_SCALARBYTES = 32;
+const crypto_sign_BYTES = 64;
+const crypto_sign_PUBLICKEYBYTES = 32;
+const crypto_sign_SECRETKEYBYTES = 64;
+const crypto_sign_SEEDBYTES = 32;
+const crypto_hash_BYTES = 64;
/* High-level API */
+function checkLengths(k: Uint8Array, n: Uint8Array) {
+ if (k.length !== crypto_secretbox_KEYBYTES) throw new Error("bad key size");
+ if (n.length !== crypto_secretbox_NONCEBYTES)
+ throw new Error("bad nonce size");
+}
+
function checkArrayTypes(...args: Uint8Array[]): void {
for (let i = 0; i < args.length; i++) {
if (!(args[i] instanceof Uint8Array))
@@ -1909,6 +2990,33 @@ export function sign_ed25519_pk_to_curve25519(
return x25519_pk;
}
+export function secretbox(msg: Uint8Array, nonce: Uint8Array, key: Uint8Array)
{
+ checkArrayTypes(msg, nonce, key);
+ checkLengths(key, nonce);
+ var m = new Uint8Array(crypto_secretbox_ZEROBYTES + msg.length);
+ var c = new Uint8Array(m.length);
+ for (var i = 0; i < msg.length; i++)
+ m[i + crypto_secretbox_ZEROBYTES] = msg[i];
+ crypto_secretbox(c, m, m.length, nonce, key);
+ return c.subarray(crypto_secretbox_BOXZEROBYTES);
+}
+
+export function secretbox_open(
+ box: Uint8Array,
+ nonce: Uint8Array,
+ key: Uint8Array,
+) {
+ checkArrayTypes(box, nonce, key);
+ checkLengths(key, nonce);
+ var c = new Uint8Array(crypto_secretbox_BOXZEROBYTES + box.length);
+ var m = new Uint8Array(c.length);
+ for (var i = 0; i < box.length; i++)
+ c[i + crypto_secretbox_BOXZEROBYTES] = box[i];
+ if (c.length < 32) return null;
+ if (crypto_secretbox_open(m, c, c.length, nonce, key) !== 0) return null;
+ return m.subarray(crypto_secretbox_ZEROBYTES);
+}
+
(function () {
// Initialize PRNG if environment provides CSPRNG.
// If not, methods calling randombytes will throw.
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-wallet-core] branch master updated: re-add secretbox functionality of nacl,
gnunet <=