| 1 | if (new Uint16Array([1])[0] !== 1) throw new Error('Big endian architecture is not supported.')
|
| 2 |
|
| 3 | var gf = function(init) {
|
| 4 | var i, r = new Float64Array(16);
|
| 5 | if (init) for (i = 0; i < init.length; i++) r[i] = init[i];
|
| 6 | return r;
|
| 7 | }
|
| 8 |
|
| 9 | var _0 = new Uint8Array(16);
|
| 10 | var _9 = new Uint8Array(32); _9[0] = 9;
|
| 11 |
|
| 12 | var gf0 = gf(),
|
| 13 | gf1 = gf([1]),
|
| 14 | _121665 = gf([0xdb41, 1]),
|
| 15 | D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]),
|
| 16 | D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]),
|
| 17 | X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]),
|
| 18 | Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]),
|
| 19 | I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]);
|
| 20 |
|
| 21 | function A(o, a, b) {
|
| 22 | for (var i = 0; i < 16; i++) o[i] = a[i] + b[i];
|
| 23 | }
|
| 24 |
|
| 25 | function Z(o, a, b) {
|
| 26 | for (var i = 0; i < 16; i++) o[i] = a[i] - b[i];
|
| 27 | }
|
| 28 |
|
| 29 | function M(o, a, b) {
|
| 30 | var v, c,
|
| 31 | t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0,
|
| 32 | t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0,
|
| 33 | t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0,
|
| 34 | t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0,
|
| 35 | b0 = b[0],
|
| 36 | b1 = b[1],
|
| 37 | b2 = b[2],
|
| 38 | b3 = b[3],
|
| 39 | b4 = b[4],
|
| 40 | b5 = b[5],
|
| 41 | b6 = b[6],
|
| 42 | b7 = b[7],
|
| 43 | b8 = b[8],
|
| 44 | b9 = b[9],
|
| 45 | b10 = b[10],
|
| 46 | b11 = b[11],
|
| 47 | b12 = b[12],
|
| 48 | b13 = b[13],
|
| 49 | b14 = b[14],
|
| 50 | b15 = b[15];
|
| 51 |
|
| 52 | v = a[0];
|
| 53 | t0 += v * b0;
|
| 54 | t1 += v * b1;
|
| 55 | t2 += v * b2;
|
| 56 | t3 += v * b3;
|
| 57 | t4 += v * b4;
|
| 58 | t5 += v * b5;
|
| 59 | t6 += v * b6;
|
| 60 | t7 += v * b7;
|
| 61 | t8 += v * b8;
|
| 62 | t9 += v * b9;
|
| 63 | t10 += v * b10;
|
| 64 | t11 += v * b11;
|
| 65 | t12 += v * b12;
|
| 66 | t13 += v * b13;
|
| 67 | t14 += v * b14;
|
| 68 | t15 += v * b15;
|
| 69 | v = a[1];
|
| 70 | t1 += v * b0;
|
| 71 | t2 += v * b1;
|
| 72 | t3 += v * b2;
|
| 73 | t4 += v * b3;
|
| 74 | t5 += v * b4;
|
| 75 | t6 += v * b5;
|
| 76 | t7 += v * b6;
|
| 77 | t8 += v * b7;
|
| 78 | t9 += v * b8;
|
| 79 | t10 += v * b9;
|
| 80 | t11 += v * b10;
|
| 81 | t12 += v * b11;
|
| 82 | t13 += v * b12;
|
| 83 | t14 += v * b13;
|
| 84 | t15 += v * b14;
|
| 85 | t16 += v * b15;
|
| 86 | v = a[2];
|
| 87 | t2 += v * b0;
|
| 88 | t3 += v * b1;
|
| 89 | t4 += v * b2;
|
| 90 | t5 += v * b3;
|
| 91 | t6 += v * b4;
|
| 92 | t7 += v * b5;
|
| 93 | t8 += v * b6;
|
| 94 | t9 += v * b7;
|
| 95 | t10 += v * b8;
|
| 96 | t11 += v * b9;
|
| 97 | t12 += v * b10;
|
| 98 | t13 += v * b11;
|
| 99 | t14 += v * b12;
|
| 100 | t15 += v * b13;
|
| 101 | t16 += v * b14;
|
| 102 | t17 += v * b15;
|
| 103 | v = a[3];
|
| 104 | t3 += v * b0;
|
| 105 | t4 += v * b1;
|
| 106 | t5 += v * b2;
|
| 107 | t6 += v * b3;
|
| 108 | t7 += v * b4;
|
| 109 | t8 += v * b5;
|
| 110 | t9 += v * b6;
|
| 111 | t10 += v * b7;
|
| 112 | t11 += v * b8;
|
| 113 | t12 += v * b9;
|
| 114 | t13 += v * b10;
|
| 115 | t14 += v * b11;
|
| 116 | t15 += v * b12;
|
| 117 | t16 += v * b13;
|
| 118 | t17 += v * b14;
|
| 119 | t18 += v * b15;
|
| 120 | v = a[4];
|
| 121 | t4 += v * b0;
|
| 122 | t5 += v * b1;
|
| 123 | t6 += v * b2;
|
| 124 | t7 += v * b3;
|
| 125 | t8 += v * b4;
|
| 126 | t9 += v * b5;
|
| 127 | t10 += v * b6;
|
| 128 | t11 += v * b7;
|
| 129 | t12 += v * b8;
|
| 130 | t13 += v * b9;
|
| 131 | t14 += v * b10;
|
| 132 | t15 += v * b11;
|
| 133 | t16 += v * b12;
|
| 134 | t17 += v * b13;
|
| 135 | t18 += v * b14;
|
| 136 | t19 += v * b15;
|
| 137 | v = a[5];
|
| 138 | t5 += v * b0;
|
| 139 | t6 += v * b1;
|
| 140 | t7 += v * b2;
|
| 141 | t8 += v * b3;
|
| 142 | t9 += v * b4;
|
| 143 | t10 += v * b5;
|
| 144 | t11 += v * b6;
|
| 145 | t12 += v * b7;
|
| 146 | t13 += v * b8;
|
| 147 | t14 += v * b9;
|
| 148 | t15 += v * b10;
|
| 149 | t16 += v * b11;
|
| 150 | t17 += v * b12;
|
| 151 | t18 += v * b13;
|
| 152 | t19 += v * b14;
|
| 153 | t20 += v * b15;
|
| 154 | v = a[6];
|
| 155 | t6 += v * b0;
|
| 156 | t7 += v * b1;
|
| 157 | t8 += v * b2;
|
| 158 | t9 += v * b3;
|
| 159 | t10 += v * b4;
|
| 160 | t11 += v * b5;
|
| 161 | t12 += v * b6;
|
| 162 | t13 += v * b7;
|
| 163 | t14 += v * b8;
|
| 164 | t15 += v * b9;
|
| 165 | t16 += v * b10;
|
| 166 | t17 += v * b11;
|
| 167 | t18 += v * b12;
|
| 168 | t19 += v * b13;
|
| 169 | t20 += v * b14;
|
| 170 | t21 += v * b15;
|
| 171 | v = a[7];
|
| 172 | t7 += v * b0;
|
| 173 | t8 += v * b1;
|
| 174 | t9 += v * b2;
|
| 175 | t10 += v * b3;
|
| 176 | t11 += v * b4;
|
| 177 | t12 += v * b5;
|
| 178 | t13 += v * b6;
|
| 179 | t14 += v * b7;
|
| 180 | t15 += v * b8;
|
| 181 | t16 += v * b9;
|
| 182 | t17 += v * b10;
|
| 183 | t18 += v * b11;
|
| 184 | t19 += v * b12;
|
| 185 | t20 += v * b13;
|
| 186 | t21 += v * b14;
|
| 187 | t22 += v * b15;
|
| 188 | v = a[8];
|
| 189 | t8 += v * b0;
|
| 190 | t9 += v * b1;
|
| 191 | t10 += v * b2;
|
| 192 | t11 += v * b3;
|
| 193 | t12 += v * b4;
|
| 194 | t13 += v * b5;
|
| 195 | t14 += v * b6;
|
| 196 | t15 += v * b7;
|
| 197 | t16 += v * b8;
|
| 198 | t17 += v * b9;
|
| 199 | t18 += v * b10;
|
| 200 | t19 += v * b11;
|
| 201 | t20 += v * b12;
|
| 202 | t21 += v * b13;
|
| 203 | t22 += v * b14;
|
| 204 | t23 += v * b15;
|
| 205 | v = a[9];
|
| 206 | t9 += v * b0;
|
| 207 | t10 += v * b1;
|
| 208 | t11 += v * b2;
|
| 209 | t12 += v * b3;
|
| 210 | t13 += v * b4;
|
| 211 | t14 += v * b5;
|
| 212 | t15 += v * b6;
|
| 213 | t16 += v * b7;
|
| 214 | t17 += v * b8;
|
| 215 | t18 += v * b9;
|
| 216 | t19 += v * b10;
|
| 217 | t20 += v * b11;
|
| 218 | t21 += v * b12;
|
| 219 | t22 += v * b13;
|
| 220 | t23 += v * b14;
|
| 221 | t24 += v * b15;
|
| 222 | v = a[10];
|
| 223 | t10 += v * b0;
|
| 224 | t11 += v * b1;
|
| 225 | t12 += v * b2;
|
| 226 | t13 += v * b3;
|
| 227 | t14 += v * b4;
|
| 228 | t15 += v * b5;
|
| 229 | t16 += v * b6;
|
| 230 | t17 += v * b7;
|
| 231 | t18 += v * b8;
|
| 232 | t19 += v * b9;
|
| 233 | t20 += v * b10;
|
| 234 | t21 += v * b11;
|
| 235 | t22 += v * b12;
|
| 236 | t23 += v * b13;
|
| 237 | t24 += v * b14;
|
| 238 | t25 += v * b15;
|
| 239 | v = a[11];
|
| 240 | t11 += v * b0;
|
| 241 | t12 += v * b1;
|
| 242 | t13 += v * b2;
|
| 243 | t14 += v * b3;
|
| 244 | t15 += v * b4;
|
| 245 | t16 += v * b5;
|
| 246 | t17 += v * b6;
|
| 247 | t18 += v * b7;
|
| 248 | t19 += v * b8;
|
| 249 | t20 += v * b9;
|
| 250 | t21 += v * b10;
|
| 251 | t22 += v * b11;
|
| 252 | t23 += v * b12;
|
| 253 | t24 += v * b13;
|
| 254 | t25 += v * b14;
|
| 255 | t26 += v * b15;
|
| 256 | v = a[12];
|
| 257 | t12 += v * b0;
|
| 258 | t13 += v * b1;
|
| 259 | t14 += v * b2;
|
| 260 | t15 += v * b3;
|
| 261 | t16 += v * b4;
|
| 262 | t17 += v * b5;
|
| 263 | t18 += v * b6;
|
| 264 | t19 += v * b7;
|
| 265 | t20 += v * b8;
|
| 266 | t21 += v * b9;
|
| 267 | t22 += v * b10;
|
| 268 | t23 += v * b11;
|
| 269 | t24 += v * b12;
|
| 270 | t25 += v * b13;
|
| 271 | t26 += v * b14;
|
| 272 | t27 += v * b15;
|
| 273 | v = a[13];
|
| 274 | t13 += v * b0;
|
| 275 | t14 += v * b1;
|
| 276 | t15 += v * b2;
|
| 277 | t16 += v * b3;
|
| 278 | t17 += v * b4;
|
| 279 | t18 += v * b5;
|
| 280 | t19 += v * b6;
|
| 281 | t20 += v * b7;
|
| 282 | t21 += v * b8;
|
| 283 | t22 += v * b9;
|
| 284 | t23 += v * b10;
|
| 285 | t24 += v * b11;
|
| 286 | t25 += v * b12;
|
| 287 | t26 += v * b13;
|
| 288 | t27 += v * b14;
|
| 289 | t28 += v * b15;
|
| 290 | v = a[14];
|
| 291 | t14 += v * b0;
|
| 292 | t15 += v * b1;
|
| 293 | t16 += v * b2;
|
| 294 | t17 += v * b3;
|
| 295 | t18 += v * b4;
|
| 296 | t19 += v * b5;
|
| 297 | t20 += v * b6;
|
| 298 | t21 += v * b7;
|
| 299 | t22 += v * b8;
|
| 300 | t23 += v * b9;
|
| 301 | t24 += v * b10;
|
| 302 | t25 += v * b11;
|
| 303 | t26 += v * b12;
|
| 304 | t27 += v * b13;
|
| 305 | t28 += v * b14;
|
| 306 | t29 += v * b15;
|
| 307 | v = a[15];
|
| 308 | t15 += v * b0;
|
| 309 | t16 += v * b1;
|
| 310 | t17 += v * b2;
|
| 311 | t18 += v * b3;
|
| 312 | t19 += v * b4;
|
| 313 | t20 += v * b5;
|
| 314 | t21 += v * b6;
|
| 315 | t22 += v * b7;
|
| 316 | t23 += v * b8;
|
| 317 | t24 += v * b9;
|
| 318 | t25 += v * b10;
|
| 319 | t26 += v * b11;
|
| 320 | t27 += v * b12;
|
| 321 | t28 += v * b13;
|
| 322 | t29 += v * b14;
|
| 323 | t30 += v * b15;
|
| 324 |
|
| 325 | t0 += 38 * t16;
|
| 326 | t1 += 38 * t17;
|
| 327 | t2 += 38 * t18;
|
| 328 | t3 += 38 * t19;
|
| 329 | t4 += 38 * t20;
|
| 330 | t5 += 38 * t21;
|
| 331 | t6 += 38 * t22;
|
| 332 | t7 += 38 * t23;
|
| 333 | t8 += 38 * t24;
|
| 334 | t9 += 38 * t25;
|
| 335 | t10 += 38 * t26;
|
| 336 | t11 += 38 * t27;
|
| 337 | t12 += 38 * t28;
|
| 338 | t13 += 38 * t29;
|
| 339 | t14 += 38 * t30;
|
| 340 |
|
| 341 |
|
| 342 |
|
| 343 | c = 1;
|
| 344 | v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;
|
| 345 | v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;
|
| 346 | v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;
|
| 347 | v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;
|
| 348 | v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;
|
| 349 | v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;
|
| 350 | v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;
|
| 351 | v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;
|
| 352 | v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;
|
| 353 | v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;
|
| 354 | v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;
|
| 355 | v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;
|
| 356 | v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;
|
| 357 | v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;
|
| 358 | v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;
|
| 359 | v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;
|
| 360 | t0 += c-1 + 37 * (c-1);
|
| 361 |
|
| 362 |
|
| 363 | c = 1;
|
| 364 | v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;
|
| 365 | v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;
|
| 366 | v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;
|
| 367 | v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;
|
| 368 | v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;
|
| 369 | v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;
|
| 370 | v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;
|
| 371 | v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;
|
| 372 | v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;
|
| 373 | v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;
|
| 374 | v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;
|
| 375 | v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;
|
| 376 | v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;
|
| 377 | v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;
|
| 378 | v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;
|
| 379 | v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;
|
| 380 | t0 += c-1 + 37 * (c-1);
|
| 381 |
|
| 382 | o[ 0] = t0;
|
| 383 | o[ 1] = t1;
|
| 384 | o[ 2] = t2;
|
| 385 | o[ 3] = t3;
|
| 386 | o[ 4] = t4;
|
| 387 | o[ 5] = t5;
|
| 388 | o[ 6] = t6;
|
| 389 | o[ 7] = t7;
|
| 390 | o[ 8] = t8;
|
| 391 | o[ 9] = t9;
|
| 392 | o[10] = t10;
|
| 393 | o[11] = t11;
|
| 394 | o[12] = t12;
|
| 395 | o[13] = t13;
|
| 396 | o[14] = t14;
|
| 397 | o[15] = t15;
|
| 398 | }
|
| 399 |
|
| 400 | function S(o, a) {
|
| 401 | M(o, a, a);
|
| 402 | }
|
| 403 |
|
| 404 | function sel25519(p, q, b) {
|
| 405 | var t, c = ~(b-1);
|
| 406 | for (var i = 0; i < 16; i++) {
|
| 407 | t = c & (p[i] ^ q[i]);
|
| 408 | p[i] ^= t;
|
| 409 | q[i] ^= t;
|
| 410 | }
|
| 411 | }
|
| 412 |
|
| 413 | function pack25519(o, n) {
|
| 414 | var i, j, b;
|
| 415 | var m = gf(), t = gf();
|
| 416 | for (i = 0; i < 16; i++) t[i] = n[i];
|
| 417 | car25519(t);
|
| 418 | car25519(t);
|
| 419 | car25519(t);
|
| 420 | for (j = 0; j < 2; j++) {
|
| 421 | m[0] = t[0] - 0xffed;
|
| 422 | for (i = 1; i < 15; i++) {
|
| 423 | m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1);
|
| 424 | m[i-1] &= 0xffff;
|
| 425 | }
|
| 426 | m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1);
|
| 427 | b = (m[15]>>16) & 1;
|
| 428 | m[14] &= 0xffff;
|
| 429 | sel25519(t, m, 1-b);
|
| 430 | }
|
| 431 | for (i = 0; i < 16; i++) {
|
| 432 | o[2*i] = t[i] & 0xff;
|
| 433 | o[2*i+1] = t[i]>>8;
|
| 434 | }
|
| 435 | }
|
| 436 |
|
| 437 | function unpack25519(o, n) {
|
| 438 | var i;
|
| 439 | for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8);
|
| 440 | o[15] &= 0x7fff;
|
| 441 | }
|
| 442 |
|
| 443 | function inv25519(o, i) {
|
| 444 | var c = gf();
|
| 445 | var a;
|
| 446 | for (a = 0; a < 16; a++) c[a] = i[a];
|
| 447 | for (a = 253; a >= 0; a--) {
|
| 448 | S(c, c);
|
| 449 | if(a !== 2 && a !== 4) M(c, c, i);
|
| 450 | }
|
| 451 | for (a = 0; a < 16; a++) o[a] = c[a];
|
| 452 | }
|
| 453 |
|
| 454 | function car25519(o) {
|
| 455 | var i, v, c = 1;
|
| 456 | for (i = 0; i < 16; i++) {
|
| 457 | v = o[i] + c + 65535;
|
| 458 | c = Math.floor(v / 65536);
|
| 459 | o[i] = v - c * 65536;
|
| 460 | }
|
| 461 | o[0] += c-1 + 37 * (c-1);
|
| 462 | }
|
| 463 |
|
| 464 | module.exports = {
|
| 465 | gf,
|
| 466 | A,
|
| 467 | Z,
|
| 468 | M,
|
| 469 | S,
|
| 470 | sel25519,
|
| 471 | pack25519,
|
| 472 | unpack25519,
|
| 473 | inv25519,
|
| 474 | gf0,
|
| 475 | gf1,
|
| 476 | _9,
|
| 477 | _121665,
|
| 478 | D,
|
| 479 | D2,
|
| 480 | X,
|
| 481 | Y,
|
| 482 | I
|
| 483 | }
|