UNPKG

@polkadot/util-crypto/cjs/nacl/tweetnacl.js

Version:

7.54 kBJavaScriptView Raw

1"use strict";
2Object.defineProperty(exports, "__esModule", { value: true });
3exports.naclSecretboxOpen = exports.naclSecretbox = void 0;
4/* eslint-disable brace-style,camelcase,comma-spacing,curly,one-var,padding-line-between-statements,space-infix-ops */
5function L32(x, c) { return (x << c) | (x >>> (32 - c)); }
6function ld32(x, i) {
  let u = x[i + 3] & 0xff;
  u = (u << 8) | (x[i + 2] & 0xff);
  u = (u << 8) | (x[i + 1] & 0xff);
  return (u << 8) | (x[i + 0] & 0xff);
11}
12function st32(x, j, u) {
  for (let i = 0; i < 4; i++) {
      x[j + i] = u & 255;
      u >>>= 8;
  }
17}
18function vn(x, xi, y, yi, n) {
  let d = 0;
  for (let i = 0; i < n; i++)
      d |= x[xi + i] ^ y[yi + i];
  return (1 & ((d - 1) >>> 8)) - 1;
23}
24function core(out, inp, k, c, h) {
  const w = new Uint32Array(16), x = new Uint32Array(16), y = new Uint32Array(16), t = new Uint32Array(4);
  let i, j, m;
  for (i = 0; i < 4; i++) {
      x[5 * i] = ld32(c, 4 * i);
      x[1 + i] = ld32(k, 4 * i);
      x[6 + i] = ld32(inp, 4 * i);
      x[11 + i] = ld32(k, 16 + 4 * i);
  }
  for (i = 0; i < 16; i++)
      y[i] = x[i];
  for (i = 0; i < 20; i++) {
      for (j = 0; j < 4; j++) {
          for (m = 0; m < 4; m++)
              t[m] = x[(5 * j + 4 * m) % 16];
          t[1] ^= L32((t[0] + t[3]) | 0, 7);
          t[2] ^= L32((t[1] + t[0]) | 0, 9);
          t[3] ^= L32((t[2] + t[1]) | 0, 13);
          t[0] ^= L32((t[3] + t[2]) | 0, 18);
          for (m = 0; m < 4; m++)
              w[4 * j + (j + m) % 4] = t[m];
      }
      for (m = 0; m < 16; m++)
          x[m] = w[m];
  }
  if (h) {
      for (i = 0; i < 16; i++)
          x[i] = (x[i] + y[i]) | 0;
      for (i = 0; i < 4; i++) {
          x[5 * i] = (x[5 * i] - ld32(c, 4 * i)) | 0;
          x[6 + i] = (x[6 + i] - ld32(inp, 4 * i)) | 0;
      }
      for (i = 0; i < 4; i++) {
          st32(out, 4 * i, x[5 * i]);
          st32(out, 16 + 4 * i, x[6 + i]);
      }
  }
  else {
      for (i = 0; i < 16; i++)
          st32(out, 4 * i, (x[i] + y[i]) | 0);
  }
65}
66const sigma = new Uint8Array([101, 120, 112, 97, 110, 100, 32, 51, 50, 45, 98, 121, 116, 101, 32, 107]);
67function crypto_stream_salsa20_xor(c, cpos, m, mpos, b, n, k) {
  const z = new Uint8Array(16), x = new Uint8Array(64);
  let u, i;
  if (!b)
      return 0;
  for (i = 0; i < 16; i++)
      z[i] = 0;
  for (i = 0; i < 8; i++)
      z[i] = n[i];
  while (b >= 64) {
      core(x, z, k, sigma, false);
      for (i = 0; i < 64; i++)
          c[cpos + i] = (m ? m[mpos + i] : 0) ^ x[i];
      u = 1;
      for (i = 8; i < 16; i++) {
          u = u + (z[i] & 0xff) | 0;
          z[i] = u & 0xff;
          u >>>= 8;
      }
      b -= 64;
      cpos += 64;
      if (m)
          mpos += 64;
  }
  if (b > 0) {
      core(x, z, k, sigma, false);
      for (i = 0; i < b; i++)
          c[cpos + i] = (m ? m[mpos + i] : 0) ^ x[i];
  }
  return 0;
97}
98function crypto_stream_xor(c, cpos, m, mpos, d, n, k) {
  const s = new Uint8Array(32);
  core(s, n, k, sigma, true);
  return crypto_stream_salsa20_xor(c, cpos, m, mpos, d, n.subarray(16), s);
102}
103function add1305(h, c) {
  let u = 0;
  for (let j = 0; j < 17; j++) {
      u = (u + ((h[j] + c[j]) | 0)) | 0;
      h[j] = u & 255;
      u >>>= 8;
  }
110}
111const minusp = new Uint32Array([5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 252]);
112function crypto_onetimeauth(out, outpos, m, mpos, n, k) {
  let i, j, u;
  const x = new Uint32Array(17), r = new Uint32Array(17), h = new Uint32Array(17), c = new Uint32Array(17), g = new Uint32Array(17);
  for (j = 0; j < 17; j++)
      r[j] = h[j] = 0;
  for (j = 0; j < 16; j++)
      r[j] = k[j];
  r[3] &= 15;
  r[4] &= 252;
  r[7] &= 15;
  r[8] &= 252;
  r[11] &= 15;
  r[12] &= 252;
  r[15] &= 15;
  while (n > 0) {
      for (j = 0; j < 17; j++)
          c[j] = 0;
      for (j = 0; (j < 16) && (j < n); ++j)
          c[j] = m[mpos + j];
      c[j] = 1;
      mpos += j;
      n -= j;
      add1305(h, c);
      for (i = 0; i < 17; i++) {
          x[i] = 0;
          for (j = 0; j < 17; j++)
              x[i] = (x[i] + (h[j] * ((j <= i) ? r[i - j] : ((320 * r[i + 17 - j]) | 0))) | 0) | 0;
      }
      for (i = 0; i < 17; i++)
          h[i] = x[i];
      u = 0;
      for (j = 0; j < 16; j++) {
          u = (u + h[j]) | 0;
          h[j] = u & 255;
          u >>>= 8;
      }
      u = (u + h[16]) | 0;
      h[16] = u & 3;
      u = (5 * (u >>> 2)) | 0;
      for (j = 0; j < 16; j++) {
          u = (u + h[j]) | 0;
          h[j] = u & 255;
          u >>>= 8;
      }
      u = (u + h[16]) | 0;
      h[16] = u;
  }
  for (j = 0; j < 17; j++)
      g[j] = h[j];
  add1305(h, minusp);
  const s = (-(h[16] >>> 7) | 0);
  for (j = 0; j < 17; j++)
      h[j] ^= s & (g[j] ^ h[j]);
  for (j = 0; j < 16; j++)
      c[j] = k[j + 16];
  c[16] = 0;
  add1305(h, c);
  for (j = 0; j < 16; j++)
      out[outpos + j] = h[j];
  return 0;
172}
173function crypto_onetimeauth_verify(h, hpos, m, mpos, n, k) {
  const x = new Uint8Array(16);
  crypto_onetimeauth(x, 0, m, mpos, n, k);
  return vn(h, hpos, x, 0, 16);
177}
178function crypto_secretbox(c, m, d, n, k) {
  if (d < 32)
      return -1;
  crypto_stream_xor(c, 0, m, 0, d, n, k);
  crypto_onetimeauth(c, 16, c, 32, d - 32, c);
  for (let i = 0; i < 16; i++)
      c[i] = 0;
  return 0;
186}
187function crypto_secretbox_open(m, c, d, n, k) {
  const x = new Uint8Array(32);
  if (d < 32)
      return -1;
  crypto_stream_xor(x, 0, null, 0, 32, n, k);
  if (crypto_onetimeauth_verify(c, 16, c, 32, d - 32, x) !== 0)
      return -1;
  crypto_stream_xor(m, 0, c, 0, d, n, k);
  for (let i = 0; i < 32; i++)
      m[i] = 0;
  return 0;
198}
199const crypto_secretbox_KEYBYTES = 32;
200const crypto_secretbox_NONCEBYTES = 24;
201const crypto_secretbox_ZEROBYTES = 32;
202const crypto_secretbox_BOXZEROBYTES = 16;
203function checkLengths(k, n) {
  if (k.length !== crypto_secretbox_KEYBYTES)
      throw new Error('bad key size');
  if (n.length !== crypto_secretbox_NONCEBYTES)
      throw new Error('bad nonce size');
208}
209function checkArrayTypes(...args) {
  for (let i = 0, count = args.length; i < count; i++) {
      if (!(args[i] instanceof Uint8Array))
          throw new TypeError('unexpected type, use Uint8Array');
  }
214}
215function naclSecretbox(msg, nonce, key) {
  checkArrayTypes(msg, nonce, key);
  checkLengths(key, nonce);
  const m = new Uint8Array(crypto_secretbox_ZEROBYTES + msg.length);
  const c = new Uint8Array(m.length);
  for (let i = 0; i < msg.length; i++)
      m[i + crypto_secretbox_ZEROBYTES] = msg[i];
  crypto_secretbox(c, m, m.length, nonce, key);
  return c.subarray(crypto_secretbox_BOXZEROBYTES);
224}
225exports.naclSecretbox = naclSecretbox;
226function naclSecretboxOpen(box, nonce, key) {
  checkArrayTypes(box, nonce, key);
  checkLengths(key, nonce);
  const c = new Uint8Array(crypto_secretbox_BOXZEROBYTES + box.length);
  const m = new Uint8Array(c.length);
  for (let i = 0; i < box.length; i++)
      c[i + crypto_secretbox_BOXZEROBYTES] = box[i];
  if (c.length < 32)
      return null;
  if (crypto_secretbox_open(m, c, c.length, nonce, key) !== 0)
      return null;
  return m.subarray(crypto_secretbox_ZEROBYTES);
238}
239exports.naclSecretboxOpen = naclSecretboxOpen;

1	`"use strict";`
2	`Object.defineProperty(exports, "__esModule", { value: true });`
3	`exports.naclSecretboxOpen = exports.naclSecretbox = void 0;`
4	`/* eslint-disable brace-style,camelcase,comma-spacing,curly,one-var,padding-line-between-statements,space-infix-ops */`
5	`function L32(x, c) { return (x << c) \| (x >>> (32 - c)); }`
6	`function ld32(x, i) {`
7	`let u = x[i + 3] & 0xff;`
8	`u = (u << 8) \| (x[i + 2] & 0xff);`
9	`u = (u << 8) \| (x[i + 1] & 0xff);`
10	`return (u << 8) \| (x[i + 0] & 0xff);`
11	`}`
12	`function st32(x, j, u) {`
13	`for (let i = 0; i < 4; i++) {`
14	`x[j + i] = u & 255;`
15	`u >>>= 8;`
16	`}`
17	`}`
18	`function vn(x, xi, y, yi, n) {`
19	`let d = 0;`
20	`for (let i = 0; i < n; i++)`
21	`d \|= x[xi + i] ^ y[yi + i];`
22	`return (1 & ((d - 1) >>> 8)) - 1;`
23	`}`
24	`function core(out, inp, k, c, h) {`
25	`const w = new Uint32Array(16), x = new Uint32Array(16), y = new Uint32Array(16), t = new Uint32Array(4);`
26	`let i, j, m;`
27	`for (i = 0; i < 4; i++) {`
28	`x[5 * i] = ld32(c, 4 * i);`
29	`x[1 + i] = ld32(k, 4 * i);`
30	`x[6 + i] = ld32(inp, 4 * i);`
31	`x[11 + i] = ld32(k, 16 + 4 * i);`
32	`}`
33	`for (i = 0; i < 16; i++)`
34	`y[i] = x[i];`
35	`for (i = 0; i < 20; i++) {`
36	`for (j = 0; j < 4; j++) {`
37	`for (m = 0; m < 4; m++)`
38	`t[m] = x[(5 * j + 4 * m) % 16];`
39	`t[1] ^= L32((t[0] + t[3]) \| 0, 7);`
40	`t[2] ^= L32((t[1] + t[0]) \| 0, 9);`
41	`t[3] ^= L32((t[2] + t[1]) \| 0, 13);`
42	`t[0] ^= L32((t[3] + t[2]) \| 0, 18);`
43	`for (m = 0; m < 4; m++)`
44	`w[4 * j + (j + m) % 4] = t[m];`
45	`}`
46	`for (m = 0; m < 16; m++)`
47	`x[m] = w[m];`
48	`}`
49	`if (h) {`
50	`for (i = 0; i < 16; i++)`
51	`x[i] = (x[i] + y[i]) \| 0;`
52	`for (i = 0; i < 4; i++) {`
53	`x[5 * i] = (x[5 * i] - ld32(c, 4 * i)) \| 0;`
54	`x[6 + i] = (x[6 + i] - ld32(inp, 4 * i)) \| 0;`
55	`}`
56	`for (i = 0; i < 4; i++) {`
57	`st32(out, 4 * i, x[5 * i]);`
58	`st32(out, 16 + 4 * i, x[6 + i]);`
59	`}`
60	`}`
61	`else {`
62	`for (i = 0; i < 16; i++)`
63	`st32(out, 4 * i, (x[i] + y[i]) \| 0);`
64	`}`
65	`}`
66	`const sigma = new Uint8Array([101, 120, 112, 97, 110, 100, 32, 51, 50, 45, 98, 121, 116, 101, 32, 107]);`
67	`function crypto_stream_salsa20_xor(c, cpos, m, mpos, b, n, k) {`
68	`const z = new Uint8Array(16), x = new Uint8Array(64);`
69	`let u, i;`
70	`if (!b)`
71	`return 0;`
72	`for (i = 0; i < 16; i++)`
73	`z[i] = 0;`
74	`for (i = 0; i < 8; i++)`
75	`z[i] = n[i];`
76	`while (b >= 64) {`
77	`core(x, z, k, sigma, false);`
78	`for (i = 0; i < 64; i++)`
79	`c[cpos + i] = (m ? m[mpos + i] : 0) ^ x[i];`
80	`u = 1;`
81	`for (i = 8; i < 16; i++) {`
82	`u = u + (z[i] & 0xff) \| 0;`
83	`z[i] = u & 0xff;`
84	`u >>>= 8;`
85	`}`
86	`b -= 64;`
87	`cpos += 64;`
88	`if (m)`
89	`mpos += 64;`
90	`}`
91	`if (b > 0) {`
92	`core(x, z, k, sigma, false);`
93	`for (i = 0; i < b; i++)`
94	`c[cpos + i] = (m ? m[mpos + i] : 0) ^ x[i];`
95	`}`
96	`return 0;`
97	`}`
98	`function crypto_stream_xor(c, cpos, m, mpos, d, n, k) {`
99	`const s = new Uint8Array(32);`
100	`core(s, n, k, sigma, true);`
101	`return crypto_stream_salsa20_xor(c, cpos, m, mpos, d, n.subarray(16), s);`
102	`}`
103	`function add1305(h, c) {`
104	`let u = 0;`
105	`for (let j = 0; j < 17; j++) {`
106	`u = (u + ((h[j] + c[j]) \| 0)) \| 0;`
107	`h[j] = u & 255;`
108	`u >>>= 8;`
109	`}`
110	`}`
111	`const minusp = new Uint32Array([5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 252]);`
112	`function crypto_onetimeauth(out, outpos, m, mpos, n, k) {`
113	`let i, j, u;`
114	`const x = new Uint32Array(17), r = new Uint32Array(17), h = new Uint32Array(17), c = new Uint32Array(17), g = new Uint32Array(17);`
115	`for (j = 0; j < 17; j++)`
116	`r[j] = h[j] = 0;`
117	`for (j = 0; j < 16; j++)`
118	`r[j] = k[j];`
119	`r[3] &= 15;`
120	`r[4] &= 252;`
121	`r[7] &= 15;`
122	`r[8] &= 252;`
123	`r[11] &= 15;`
124	`r[12] &= 252;`
125	`r[15] &= 15;`
126	`while (n > 0) {`
127	`for (j = 0; j < 17; j++)`
128	`c[j] = 0;`
129	`for (j = 0; (j < 16) && (j < n); ++j)`
130	`c[j] = m[mpos + j];`
131	`c[j] = 1;`
132	`mpos += j;`
133	`n -= j;`
134	`add1305(h, c);`
135	`for (i = 0; i < 17; i++) {`
136	`x[i] = 0;`
137	`for (j = 0; j < 17; j++)`
138	`x[i] = (x[i] + (h[j] * ((j <= i) ? r[i - j] : ((320 * r[i + 17 - j]) \| 0))) \| 0) \| 0;`
139	`}`
140	`for (i = 0; i < 17; i++)`
141	`h[i] = x[i];`
142	`u = 0;`
143	`for (j = 0; j < 16; j++) {`
144	`u = (u + h[j]) \| 0;`
145	`h[j] = u & 255;`
146	`u >>>= 8;`
147	`}`
148	`u = (u + h[16]) \| 0;`
149	`h[16] = u & 3;`
150	`u = (5 * (u >>> 2)) \| 0;`
151	`for (j = 0; j < 16; j++) {`
152	`u = (u + h[j]) \| 0;`
153	`h[j] = u & 255;`
154	`u >>>= 8;`
155	`}`
156	`u = (u + h[16]) \| 0;`
157	`h[16] = u;`
158	`}`
159	`for (j = 0; j < 17; j++)`
160	`g[j] = h[j];`
161	`add1305(h, minusp);`
162	`const s = (-(h[16] >>> 7) \| 0);`
163	`for (j = 0; j < 17; j++)`
164	`h[j] ^= s & (g[j] ^ h[j]);`
165	`for (j = 0; j < 16; j++)`
166	`c[j] = k[j + 16];`
167	`c[16] = 0;`
168	`add1305(h, c);`
169	`for (j = 0; j < 16; j++)`
170	`out[outpos + j] = h[j];`
171	`return 0;`
172	`}`
173	`function crypto_onetimeauth_verify(h, hpos, m, mpos, n, k) {`
174	`const x = new Uint8Array(16);`
175	`crypto_onetimeauth(x, 0, m, mpos, n, k);`
176	`return vn(h, hpos, x, 0, 16);`
177	`}`
178	`function crypto_secretbox(c, m, d, n, k) {`
179	`if (d < 32)`
180	`return -1;`
181	`crypto_stream_xor(c, 0, m, 0, d, n, k);`
182	`crypto_onetimeauth(c, 16, c, 32, d - 32, c);`
183	`for (let i = 0; i < 16; i++)`
184	`c[i] = 0;`
185	`return 0;`
186	`}`
187	`function crypto_secretbox_open(m, c, d, n, k) {`
188	`const x = new Uint8Array(32);`
189	`if (d < 32)`
190	`return -1;`
191	`crypto_stream_xor(x, 0, null, 0, 32, n, k);`
192	`if (crypto_onetimeauth_verify(c, 16, c, 32, d - 32, x) !== 0)`
193	`return -1;`
194	`crypto_stream_xor(m, 0, c, 0, d, n, k);`
195	`for (let i = 0; i < 32; i++)`
196	`m[i] = 0;`
197	`return 0;`
198	`}`
199	`const crypto_secretbox_KEYBYTES = 32;`
200	`const crypto_secretbox_NONCEBYTES = 24;`
201	`const crypto_secretbox_ZEROBYTES = 32;`
202	`const crypto_secretbox_BOXZEROBYTES = 16;`
203	`function checkLengths(k, n) {`
204	`if (k.length !== crypto_secretbox_KEYBYTES)`
205	`throw new Error('bad key size');`
206	`if (n.length !== crypto_secretbox_NONCEBYTES)`
207	`throw new Error('bad nonce size');`
208	`}`
209	`function checkArrayTypes(...args) {`
210	`for (let i = 0, count = args.length; i < count; i++) {`
211	`if (!(args[i] instanceof Uint8Array))`
212	`throw new TypeError('unexpected type, use Uint8Array');`
213	`}`
214	`}`
215	`function naclSecretbox(msg, nonce, key) {`
216	`checkArrayTypes(msg, nonce, key);`
217	`checkLengths(key, nonce);`
218	`const m = new Uint8Array(crypto_secretbox_ZEROBYTES + msg.length);`
219	`const c = new Uint8Array(m.length);`
220	`for (let i = 0; i < msg.length; i++)`
221	`m[i + crypto_secretbox_ZEROBYTES] = msg[i];`
222	`crypto_secretbox(c, m, m.length, nonce, key);`
223	`return c.subarray(crypto_secretbox_BOXZEROBYTES);`
224	`}`
225	`exports.naclSecretbox = naclSecretbox;`
226	`function naclSecretboxOpen(box, nonce, key) {`
227	`checkArrayTypes(box, nonce, key);`
228	`checkLengths(key, nonce);`
229	`const c = new Uint8Array(crypto_secretbox_BOXZEROBYTES + box.length);`
230	`const m = new Uint8Array(c.length);`
231	`for (let i = 0; i < box.length; i++)`
232	`c[i + crypto_secretbox_BOXZEROBYTES] = box[i];`
233	`if (c.length < 32)`
234	`return null;`
235	`if (crypto_secretbox_open(m, c, c.length, nonce, key) !== 0)`
236	`return null;`
237	`return m.subarray(crypto_secretbox_ZEROBYTES);`
238	`}`
239	`exports.naclSecretboxOpen = naclSecretboxOpen;`