From 6e01cc3cce635b34d360999b81d0ec4c78813394 Mon Sep 17 00:00:00 2001
From: cgeek <cem.moreau@gmail.com>
Date: Thu, 9 Oct 2014 13:18:50 +0200
Subject: [PATCH] Externalized naclb library
---
app/lib/crypto.js | 2 +-
naclb/binding.gyp | 8 -
naclb/index.js | 2 -
naclb/nacl.cc | 95 -----
naclb/package.json | 15 -
naclb/randombytes.cpp | 41 --
naclb/randombytes.h | 1 -
naclb/test.js | 29 --
naclb/tweetnacl.cpp | 945 ------------------------------------------
naclb/tweetnacl.h | 30 --
package.json | 2 +-
11 files changed, 2 insertions(+), 1168 deletions(-)
delete mode 100644 naclb/binding.gyp
delete mode 100644 naclb/index.js
delete mode 100644 naclb/nacl.cc
delete mode 100644 naclb/package.json
delete mode 100644 naclb/randombytes.cpp
delete mode 100644 naclb/randombytes.h
delete mode 100644 naclb/test.js
delete mode 100644 naclb/tweetnacl.cpp
delete mode 100644 naclb/tweetnacl.h
diff --git a/app/lib/crypto.js b/app/lib/crypto.js
index c4261665e..4c7c51cb5 100644
--- a/app/lib/crypto.js
+++ b/app/lib/crypto.js
@@ -1,7 +1,7 @@
var nacl = require('tweetnacl');
var scrypt = require('scrypt');
var base58 = require('./base58');
-var naclBinding = require('../../naclb');
+var naclBinding = require('naclb');
const crypto_sign_BYTES = 64;
var SEED_LENGTH = 32; // Length of the key
diff --git a/naclb/binding.gyp b/naclb/binding.gyp
deleted file mode 100644
index d03fd829a..000000000
--- a/naclb/binding.gyp
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "targets": [
- {
- "target_name": "nacl",
- "sources": [ "nacl.cc", "tweetnacl.cpp", "randombytes.cpp" ]
- }
- ]
-}
diff --git a/naclb/index.js b/naclb/index.js
deleted file mode 100644
index 66e894af7..000000000
--- a/naclb/index.js
+++ /dev/null
@@ -1,2 +0,0 @@
-// Exposes 2 methods: verify(msg, sig, pub), sign(msg, sec)
-module.exports = require('bindings')('nacl');
diff --git a/naclb/nacl.cc b/naclb/nacl.cc
deleted file mode 100644
index 0ce87332b..000000000
--- a/naclb/nacl.cc
+++ /dev/null
@@ -1,95 +0,0 @@
-#include <node.h>
-#include <v8.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include "tweetnacl.h"
-
-typedef unsigned char u8;
-typedef unsigned int u32;
-typedef unsigned long long u64;
-typedef long long i64;
-typedef i64 gf[16];
-
-const int crypto_sign_BYTES = 64;
-
-using namespace v8;
-
-/**
-* Verifies a signature using Ed25519 scheme.
-*
-* arg0 (Uint8Array): clear message to be verified
-* arg1 (Uint8Array): signature to check message against
-* arg2 (Uint8Array): public key to use for verification
-*/
-Handle<Value> Verify(const Arguments& args) {
- HandleScope scope;
-
- // Reading clear message
- Local<Object> msg = args[0]->ToObject();
- u64 mlen = msg->GetIndexedPropertiesExternalArrayDataLength();
- u8* m = static_cast<u8*>(msg->GetIndexedPropertiesExternalArrayData());
-
- // Reading detached signature
- Local<Object> sig = args[1]->ToObject();
- u64 smlen = sig->GetIndexedPropertiesExternalArrayDataLength();
- const u8* sm = static_cast<u8*>(sig->GetIndexedPropertiesExternalArrayData());
-
- // Reading public key
- Local<Object> pub = args[2]->ToObject();
- const u8* pubk = static_cast<u8*>(pub->GetIndexedPropertiesExternalArrayData());
-
- // Verifying authenticity
- int res = crypto_sign_open(m,&mlen,sm,smlen,pubk);
- if (res == 0)
- // Good signature
- return scope.Close(Boolean::New(true));
- else
- // Wrong signature or error
- return scope.Close(Boolean::New(false));
-}
-
-/**
-* Signs a message using Ed25519 scheme.
-*
-* arg0 (Uint8Array): clear message to be signed
-* arg1 (Uint8Array): sec key to use for verification
-*/
-Handle<Value> Sign(const Arguments& args) {
- HandleScope scope;
-
- // Reading clear message
- Local<Object> msg = args[0]->ToObject();
- u64 mlen = msg->GetIndexedPropertiesExternalArrayDataLength();
- const u8* m = static_cast<u8*>(msg->GetIndexedPropertiesExternalArrayData());
-
- // Reading public key
- Local<Object> sec = args[1]->ToObject();
- const u8* seck = static_cast<u8*>(sec->GetIndexedPropertiesExternalArrayData());
-
- u8* sm;
- u64 smlen = 0;
-
- sm = (u8*) malloc(mlen + crypto_sign_BYTES);
-
- // Signing
- crypto_sign(sm,&smlen,m,mlen,seck);
-
- // Result
- Local<Value> size = Integer::NewFromUnsigned(smlen);
- Local<Object> array = Array::New(size->IntegerValue());
-
- for (int i = 0; i < size->IntegerValue(); i++) {
- array->Set(i, Integer::NewFromUnsigned(sm[i]));
- }
-
- return scope.Close(array);
-}
-
-void Init(Handle<Object> exports) {
- exports->Set(String::NewSymbol("verify"),
- FunctionTemplate::New(Verify)->GetFunction());
- exports->Set(String::NewSymbol("sign"),
- FunctionTemplate::New(Sign)->GetFunction());
-}
-
-NODE_MODULE(nacl, Init)
diff --git a/naclb/package.json b/naclb/package.json
deleted file mode 100644
index 4016b1438..000000000
--- a/naclb/package.json
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- "name": "naclb",
- "version": "0.0.1",
- "description": "Node.js Addon for NaCl Binding",
- "main": "index.js",
- "private": true,
- "scripts": {
- "test": "node test.js"
- },
- "gypfile": true,
- "dependencies": {
- "bindings": "~1.2.1",
- "nan": "^1.3.0"
- }
-}
diff --git a/naclb/randombytes.cpp b/naclb/randombytes.cpp
deleted file mode 100644
index 66f3d720a..000000000
--- a/naclb/randombytes.cpp
+++ /dev/null
@@ -1,41 +0,0 @@
-#ifdef WIN32
-#include "Windows.h"
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-
-void randombytes(unsigned char * ptr,unsigned int length)
-{
- char failed = 0;
-#ifdef WIN32
- static HCRYPTPROV prov = 0;
- if (prov == 0) {
- if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, 0)) {
- failed = 1;
- }
- }
- if (!failed && !CryptGenRandom(prov, length, ptr)) {
- failed = 1;
- }
-#else
- FILE* fh = fopen("/dev/urandom", "rb");
- if (fh != NULL) {
- if (fread(ptr, length, 1, fh) == 0) {
- failed = 1;
- }
- fclose(fh);
- } else {
- failed = 1;
- }
-#endif
- /*
- * yes, this is horrible error handling but we don't have better
- * options from here and I don't want to start changing the design
- * of the library
- */
- if (failed) {
- fprintf(stderr, "Generating random data failed. Please report "
- "this to https://github.com/ultramancool\n");
- exit(1);
- }
-}
diff --git a/naclb/randombytes.h b/naclb/randombytes.h
deleted file mode 100644
index 7601c676c..000000000
--- a/naclb/randombytes.h
+++ /dev/null
@@ -1 +0,0 @@
-void randombytes(unsigned char * ptr,unsigned int length);
diff --git a/naclb/test.js b/naclb/test.js
deleted file mode 100644
index 0bc5cfca3..000000000
--- a/naclb/test.js
+++ /dev/null
@@ -1,29 +0,0 @@
-var addon = require('bindings')('nacl');
-var nacl = require('tweetnacl');
-var base58 = require('../app/lib/base58');
-
-var rawPub = "HgTTJLAQ5sqfknMq7yLPZbehtuLSsKj9CxWN7k8QvYJd";
-var rawMsg = "UID:CAT\nMETA:TS:1411321474\n";
-var rawSig = "YvMQqaOAgLtnJzg5ZGhI17sZvXjGgzpSMxNz8ikttMspU5/45MQAqnOfuJnfbrzkkspGlUUjDnUPsOmHPcVyBQ==";
-var rawSec = "51w4fEShBk1jCMauWu4mLpmDVfHksKmWcygpxriqCEZizbtERA6de4STKRkQBpxmMUwsKXRjSzuQ8ECwmqN1u2DP";
-
-var msg = nacl.util.decodeUTF8(rawMsg);
-var sig = nacl.util.decodeBase64(rawSig);
-var pub = base58.decode(rawPub);
-var sec = base58.decode(rawSec);
-
-const crypto_sign_BYTES = 64;
-// checkArrayTypes(msg, sig, publicKey);
-// if (sig.length !== crypto_sign_BYTES)
-// throw new Error('bad signature size');
-// if (publicKey.length !== crypto_sign_PUBLICKEYBYTES)
-// throw new Error('bad public key size');
-var start = new Date();
-var sm = new Uint8Array(crypto_sign_BYTES + msg.length);
-var m = new Uint8Array(crypto_sign_BYTES + msg.length);
-var i;
-for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i];
-for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i];
-
-// console.log(addon.verify(m, sm, pub));
-// console.log(addon.sign(m, sec));
diff --git a/naclb/tweetnacl.cpp b/naclb/tweetnacl.cpp
deleted file mode 100644
index b05992834..000000000
--- a/naclb/tweetnacl.cpp
+++ /dev/null
@@ -1,945 +0,0 @@
-#include "tweetnacl.h"
-#include "randombytes.h"
-
-#define FOR(i,n) for (i = 0;i < n;++i)
-#define sv static void
-
-static const u8 _0[16] = {}, _9[32] = {9};
-
-static const gf gf0 = {}, gf1 = {1}, _121665 = {0xDB41, 1}, D = {0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab,
- 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203}, D2 = {0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0,
- 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406}, X = {0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231,
- 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169}, Y = {0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666,
- 0x6666, 0x6666}, I = {0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83};
-
-static
-u32 L32(u32 x, int c){
- return (x << c) | (x >> (32 - c));
-}
-
-static u32
-ld32(const u8 * x)
-{
- u32 u = x[3];
- u = (u << 8) | x[2];
- u = (u << 8) | x[1];
- return (u << 8) | x[0];
-}
-
-static u64
-dl64(const u8 * x)
-{
- u64 i, u = 0;
- FOR(i, 8) u = (u << 8) | x[i];
- return u;
-}
-
-sv
-st32(u8 * x, u32 u)
-{
- int i;
- FOR(i, 4) {
- x[i] = u;
- u >>= 8;
- }
-}
-
-sv
-ts64(u8 * x, u64 u)
-{
- int i;
- for (i = 7; i >= 0; --i) {
- x[i] = u;
- u >>= 8;
- }
-}
-
-static int
-vn(const u8 * x, const u8 * y, int n)
-{
- u32 i, d = 0;
- FOR(i, n) d |= x[i] ^ y[i];
- return (1 & ((d - 1) >> 8)) - 1;
-}
-
-int
-crypto_verify_16(const u8 * x, const u8 * y){
- return vn(x, y, 16);
-}
-
-int
-crypto_verify_32(const u8 * x, const u8 * y){
- return vn(x, y, 32);
-}
-
-sv
-core(u8 * out,
- const u8 * in, const u8 * k, const u8 * c, int h)
-{
- u32 w[16], x[16], y[16], t[4];
- int i, j, m;
- FOR(i, 4) {
- x[5 * i] = ld32(c + 4 * i);
- x[1 + i] = ld32(k + 4 * i);
- x[6 + i] = ld32(in + 4 * i);
- x[11 + i] = ld32(k + 16 + 4 * i);
- }
- FOR(i, 16) y[i] = x[i];
- FOR(i, 20) {
- FOR(j, 4) {
- FOR(m, 4) t[m] = x[(5 * j + 4 * m) % 16];
- t[1] ^= L32(t[0] + t[3], 7);
- t[2] ^= L32(t[1] + t[0], 9);
- t[3] ^= L32(t[2] + t[1], 13);
- t[0] ^= L32(t[3] + t[2], 18);
- FOR(m, 4) w[4 * j + (j + m) % 4] = t[m];
- }
- FOR(m, 16) x[m] = w[m];
- }
- if (h) {
- FOR(i, 16) x[i] += y[i];
- FOR(i, 4) {
- x[5 * i] -= ld32(c + 4 * i);
- x[6 + i] -= ld32(in + 4 * i);
- }
- FOR(i, 4) {
- st32(out + 4 * i, x[5 * i]);
- st32(out + 16 + 4 * i, x[6 + i]);
- }
- } else {
- FOR(i, 16) st32(out + 4 * i, x[i] + y[i]);
- }
-}
-
-int
-crypto_core_salsa20(u8 * out, const u8 * in, const u8 * k, const u8 * c){
- core(out, in, k, c, 0);
- return 0;
-}
-
-int
-crypto_core_hsalsa20(u8 * out, const u8 * in, const
- u8 * k, const u8 * c)
-{
- core(out, in, k, c, 1);
- return 0;
-}
-
-static const u8 sigma[16] = "expand 32-bytek";
-
-int
-crypto_stream_salsa20_xor(u8 * c, const u8 * m, u64
- b, const u8 * n, const u8 * k)
-{
- u8 z[16], x[64];
- u32 u, i;
- if (!b) {
- return 0;
- }
- FOR(i, 16) {
- z[i] = 0;
- }
- FOR(i, 8) {
- z[i] = n[i];
- }
- while (b >= 64) {
- crypto_core_salsa20(x, z, k, sigma);
- FOR(i, 64) {
- c[i] = (m ? m[i] : 0) ^ x[i];
- }
- u = 1;
- for (i = 8; i < 16; ++i) {
- u += (u32) z[i];
- z[i] = u;
- u >>= 8;
- }
- b -= 64;
- c += 64;
- if (m) {
- m += 64;
- }
- }
- if (b) {
- crypto_core_salsa20(x, z, k, sigma);
- FOR(i, b) {
- c[i] = (m ? m[i] : 0) ^ x[i];
- }
- }
- return 0;
-}
-
-int
-crypto_stream_salsa20(u8 * c, u64 d, const u8 * n, const u8 * k)
-{
- return crypto_stream_salsa20_xor(c, 0, d, n, k);
-}
-
-int crypto_stream(u8 * c, u64 d, const u8 * n, const u8 * k){
- u8 s[32];
- crypto_core_hsalsa20(s, n, k, sigma);
- return crypto_stream_salsa20(c, d, n + 16, s);
-}
-
-int
-crypto_stream_xor(u8 * c, const u8 * m, u64 d, const u8 * n, const u8 * k)
-{
- u8 s[32];
- crypto_core_hsalsa20(s, n, k, sigma);
- return crypto_stream_salsa20_xor(c, m, d, n + 16, s);
-}
-
-sv
-add1305(u32 * h, const u32 * c)
-{
- u32 j, u = 0;
- FOR(j, 17) {
- u += h[j] + c[j];
- h[j] = u & 255;
- u >>= 8;
- }
-}
-
-static const u32 minusp[17] = {5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 252};
-
-int
-crypto_onetimeauth(u8 * out, const u8 * m, u64 n, const u8 * k)
-{
- u32 s, i, j, u, x[17], r[17], h[17], c[17], g[17];
- FOR(j, 17) {
- r[j] = h[j] = 0;
- }
- FOR(j, 16) {
- r[j] = k[j];
- }
- r[3] &= 15;
- r[4] &= 252;
- r[7] &= 15;
- r[8] &= 252;
- r[11] &= 15;
- r[12] &= 252;
- r[15] &= 15;
- while (n > 0) {
- FOR(j, 17) {
- c[j] = 0;
- }
- for (j = 0; (j < 16) && (j < n); ++j) {
- c[j] = m[j];
- }
- c[j] = 1;
- m += j;
- n -= j;
- add1305(h, c);
- FOR(i, 17) {
- x[i] = 0;
- FOR(j, 17) {
- x[i] += h[j] * ((j <= i) ? r[i - j] : 320 * r[i + 17 - j]);
- }
- }
- FOR(i, 17) {
- h[i] = x[i];
- }
- u = 0;
- FOR(j, 16) {
- u += h[j];
- h[j] = u & 255;
- u >>= 8;
- }
- u += h[16];
- h[16] = u & 3;
- u = 5 * (u >> 2);
- FOR(j, 16) {
- u += h[j];
- h[j] = u & 255;
- u >>= 8;
- }
- u += h[16];
- h[16] = u;
- }
- FOR(j, 17) {
- g[j] = h[j];
- }
- add1305(h, minusp);
- s = -(h[16] >> 7);
- FOR(j, 17) {
- h[j] ^= s & (g[j] ^ h[j]);
- }
- FOR(j, 16) {
- c[j] = k[j + 16];
- }
- c[16] = 0;
- add1305(h, c);
- FOR(j, 16) {
- out[j] = h[j];
- }
- return 0;
-}
-
-int
-crypto_onetimeauth_verify(const u8 * h, const u8 * m, u64 n, const u8 * k)
-{
- u8 x[16];
- crypto_onetimeauth(x, m, n, k);
- return crypto_verify_16(h, x);
-}
-
-int
-crypto_secretbox(u8 * c, const u8 * m, u64 d, const u8 * n, const u8 * k)
-{
- int i;
- if (d < 32) {
- return -1;
- }
- crypto_stream_xor(c, m, d, n, k);
- crypto_onetimeauth(c + 16, c + 32, d - 32, c);
- FOR(i, 16) {
- c[i] = 0;
- }
- return 0;
-}
-
-int
-crypto_secretbox_open(u8 * m, const u8 * c, u64 d, const u8 * n, const u8 * k)
-{
- int i;
- u8 x[32];
- if (d < 32) {
- return -1;
- }
- crypto_stream(x, 32, n, k);
- if (crypto_onetimeauth_verify(c + 16, c + 32, d - 32, x) != 0) {
- return -1;
- }
- crypto_stream_xor(m, c, d, n, k);
- FOR(i, 32) {
- m[i] = 0;
- }
- return 0;
-}
-
-sv
-set25519(gf r, const gf a)
-{
- int i;
- FOR(i, 16) {
- r[i] = a[i];
- }
-}
-
-sv
-car25519(gf o)
-{
- int
- i;
- i64 c;
- FOR(i, 16) {
- o[i] += (1 << 16);
- c = o[i] >> 16;
- o[(i + 1) * (i < 15)] += c - 1 + 37 * (c - 1) * (i == 15);
- o[i] -= c << 16;
- }
-}
-
-sv
-sel25519(gf p, gf q, int b)
-{
- i64 t, i, c = ~(b - 1);
- FOR(i, 16) {
- t = c & (p[i] ^ q[i]);
- p[i] ^= t;
- q[i] ^= t;
- }
-}
-
-sv pack25519(u8 * o, const gf n){
- int i, j, b;
- gf m, t;
- FOR(i, 16) t[i] = n[i];
- car25519(t);
- car25519(t);
- car25519(t);
- FOR(j, 2) {
- m[0] = t[0] - 0xffed;
- for (i = 1; i < 15; i++) {
- m[i] = t[i] - 0xffff - ((m[i - 1] >> 16) & 1);
- m[i - 1] &= 0xffff;
- }
- m[15] = t[15] - 0x7fff - ((m[14] >> 16) & 1);
- b = (m[15] >> 16) & 1;
- m[15] &= 0xffff;
- sel25519(t, m, 1 - b);
- }
- FOR(i, 16) {
- o[2 * i] = t[i] & 0xff;
- o[2 * i + 1] = t[i] >> 8;
- }
-}
-
-static int
-neq25519(const gf a, const gf b)
-{
- u8 c[32], d[32];
- pack25519(c, a);
- pack25519(d, b);
- return crypto_verify_32(c, d);
-}
-
-static u8 par25519(const gf a){
- u8 d[32];
- pack25519(d, a);
- return d[0] & 1;
-}
-
-sv unpack25519(gf o, const u8 * n){
- int i;
- FOR(i, 16) {
- o[i] = n[2 * i] + ((i64) n[2 * i + 1] << 8);
- }
- o[15] &= 0x7fff;
-}
-
-sv
-A(gf o, const gf a, const gf b)
-{
- int i;
- FOR(i, 16) {
- o[i] = a[i] + b[i];
- }
-}
-
-sv
-Z(gf o, const gf a, const gf b)
-{
- int i;
- FOR(i, 16) {
- o[i] = a[i] - b[i];
- }
-}
-
-sv
-M(gf o, const gf a, const gf b)
-{
- i64 i, j, t[31];
- FOR(i, 31) {
- t[i] = 0;
- }
- FOR(i, 16) {
- FOR(j, 16) {
- t[i + j] += a[i] * b[j];
- }
- }
- FOR(i, 15) {
- t[i] += 38 * t[i + 16];
- }
- FOR(i, 16) {
- o[i] = t[i];
- }
- car25519(o);
- car25519(o);
-}
-
-sv
-S(gf o, const gf a)
-{
- M(o, a, a);
-}
-
-sv inv25519(gf o, const gf i){
- gf c;
- int a;
- FOR(a, 16) {
- c[a] = i[a];
- }
- for (a = 253; a >= 0; a--) {
- S(c, c);
- if (a != 2 && a != 4) {
- M(c, c, i);
- }
- }
- FOR(a, 16) {
- o[a] = c[a];
- }
-}
-
-sv
-pow2523(gf o, const gf i){
- gf c;
- int a;
- FOR(a, 16) {
- c[a] = i[a];
- }
- for (a = 250; a >= 0; a--) {
- S(c, c);
- if (a != 1) {
- M(c, c, i);
- }
- }
- FOR(a, 16) {
- o[a] = c[a];
- }
-}
-
-int
-crypto_scalarmult(u8 * q, const u8 * n, const u8 * p)
-{
- u8 z[32];
- i64 x[96], r, i;
- gf a, b, c, d, e, f;
- FOR(i, 31) {
- z[i] = n[i];
- }
- z[31] = (n[31] & 127) | 64;
- z[0] &= 248;
- unpack25519(x, p);
- FOR(i, 16) {
- b[i] = x[i];
- d[i] = a[i] = c[i] = 0;
- }
- a[0] = d[0] = 1;
- for (i = 254; i >= 0; --i) {
- r = (z[i >> 3] >> (i & 7)) & 1;
- sel25519(a, b, r);
- sel25519(c, d, r);
- A(e, a, c);
- Z(a, a, c);
- A(c, b, d);
- Z(b, b, d);
- S(d, e);
- S(f, a);
- M(a, c, a);
- M(c, b, e);
- A(e, a, c);
- Z(a, a, c);
- S(b, a);
- Z(c, d, f);
- M(a, c, _121665);
- A(a, a, d);
- M(c, c, a);
- M(a, d, f);
- M(d, b, x);
- S(b, e);
- sel25519(a, b, r);
- sel25519(c, d, r);
- }
- FOR(i, 16) {
- x[i + 32] = a[i];
- x[i + 48] = c[i];
- x[i + 64] = b[i];
- x[i + 80] = d[i];
- }
- inv25519(x + 48, x + 48);
- M(x + 32, x + 32, x + 48);
- pack25519(q, x + 32);
- return 0;
-}
-
-int
-crypto_scalarmult_base(u8 * q, const u8 * n){
- return crypto_scalarmult(q, n, _9);
-}
-
-int
-crypto_box_keypair(u8 * y, u8 * x) {
- randombytes(x, 32);
- return crypto_scalarmult_base(y, x);
-}
-
-int
-crypto_box_beforenm(u8 * k, const u8 * y, const u8 * x)
-{
- u8 s[32];
- crypto_scalarmult(s, x, y);
- return crypto_core_hsalsa20(k, _0, s, sigma);
-}
-
-int
-crypto_box_afternm(u8 * c, const u8 * m, u64 d, const u8 * n, const u8 * k)
-{
- return crypto_secretbox(c, m, d, n, k);
-}
-
-int
-crypto_box_open_afternm(u8 * m, const u8 * c, u64 d, const u8 * n, const u8 * k)
-{
- return crypto_secretbox_open(m, c, d, n, k);
-}
-
-int
-crypto_box(u8 * c, const u8 * m, u64 d, const u8 * n, const u8 * y, const u8 * x){
- u8 k[32];
- crypto_box_beforenm(k, y, x);
- return crypto_box_afternm(c, m, d, n, k);
-}
-
-int
-crypto_box_open(u8 * m, const u8 * c, u64 d, const u8 * n, const u8 * y, const u8 * x)
-{
- u8 k[32];
- crypto_box_beforenm(k, y, x);
- return crypto_box_open_afternm(m, c, d, n, k);
-}
-
-static u64 R(u64 x, int c){
- return (x >> c) | (x << (64 - c));
-}
-
-static u64
-Ch(u64 x, u64 y, u64 z)
-{
- return (x & y) ^ (~x & z);
-}
-
-static u64 Maj(u64 x, u64 y, u64 z) {
- return (x & y) ^ (x & z) ^ (y & z);
-}
-
-static u64 Sigma0(u64 x) {
- return R(x, 28) ^ R(x, 34) ^ R(x, 39);
-}
-
-static u64
- Sigma1(u64 x) {
- return R(x, 14) ^ R(x, 18) ^ R(x, 41);
-}
-
-static u64 sigma0(u64 x) {
- return R(x, 1) ^ R(x, 8) ^ (x >> 7);
-}
-
-static u64
-sigma1(u64 x)
-{
- return R(x, 19) ^ R(x, 61) ^ (x >> 6);
-}
-
-static const u64 K[80] = {0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
- 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
- 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
- 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
- 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
- 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
- 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
- 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
- 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
- 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
- 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
- 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
- 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
- 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL};
-
-int
-crypto_hashblocks(u8 * x, const u8 * m, u64 n)
-{
- u64 z[8], b[8], a[8], w[16], t;
- int i, j;
- FOR(i, 8) {
- z[i] = a[i] = dl64(x + 8 * i);
- }
- while (n >= 128) {
- FOR(i, 16) {
- w[i] = dl64(m + 8 * i);
- }
- FOR(i, 80) {
- FOR(j, 8) {
- b[j] = a[j];
- }
- t = a[7] + Sigma1(a[4]) + Ch(a[4], a[5], a[6]) + K[i] + w[i % 16];
- b[7] = t + Sigma0(a[0]) + Maj(a[0], a[1], a[2]);
- b[3] += t;
- FOR(j, 8) a[(j + 1) % 8] = b[j];
- if (i % 16 == 15) {
- FOR(j, 16) w[j] += w[(j + 9) % 16] + sigma0(w[(j + 1) % 16]) + sigma1(w[(j + 14) % 16]);
- }
- }
- FOR(i, 8) {
- a[i] += z[i];
- z[i] = a[i];
- }
- m += 128;
- n -= 128;
- }
- FOR(i, 8) {
- ts64(x + 8 * i, z[i]);
- }
- return n;
-}
-
-static
-const u8 iv[64] = {0x6a, 0x09, 0xe6, 0x67, 0xf3, 0xbc, 0xc9, 0x08, 0xbb, 0x67, 0xae, 0x85, 0x84, 0xca, 0xa7, 0x3b, 0x3c, 0x6e, 0xf3, 0x72, 0xfe, 0x94, 0xf8, 0x2b,
- 0xa5, 0x4f, 0xf5, 0x3a, 0x5f, 0x1d, 0x36, 0xf1, 0x51, 0x0e, 0x52, 0x7f, 0xad, 0xe6, 0x82, 0xd1, 0x9b, 0x05, 0x68, 0x8c, 0x2b, 0x3e, 0x6c, 0x1f, 0x1f, 0x83, 0xd9, 0xab,
- 0xfb, 0x41, 0xbd, 0x6b, 0x5b, 0xe0, 0xcd, 0x19, 0x13, 0x7e, 0x21, 0x79};
-
-int
-crypto_hash(u8 * out, const u8 * m, u64 n)
-{
- u8 h[64], x[256];
- u64 i, b = n;
- FOR(i, 64) {
- h[i] = iv[i];
- }
- crypto_hashblocks(h, m, n);
- m += n;
- n &= 127;
- m -= n;
- FOR(i, 256) {
- x[i] = 0;
- }
- FOR(i, n) {
- x[i] = m[i];
- }
- x[n] = 128;
- n = 256 - 128 * (n < 112);
- x[n - 9] = b >> 61;
- ts64(x + n - 8, b << 3);
- crypto_hashblocks(h, x, n);
- FOR(i, 64) {
- out[i] = h[i];
- }
- return 0;
-}
-
-sv add(gf p[4], gf q[4]) {
- gf a, b, c, d, t, e, f, g, h;
- Z(a, p[1], p[0]);
- Z(t, q[1], q[0]);
- M(a, a, t);
- A(b, p[0], p[1]);
- A(t, q[0], q[1]);
- M(b, b, t);
- M(c, p[3], q[3]);
- M(c, c, D2);
- M(d, p[2], q[2]);
- A(d, d, d);
- Z(e, b, a);
- Z(f, d, c);
- A(g, d, c);
- A(h, b, a);
- M(p[0], e, f);
- M(p[1], h, g);
- M(p[2], g, f);
- M(p[3], e, h);
-}
-
-sv cswap(gf p[4], gf q[4], u8 b) {
- int i;
- FOR(i, 4) {
- sel25519(p[i], q[i], b);
- }
-}
-
-sv
-pack(u8 * r, gf p[4])
-{
- gf tx, ty, zi;
- inv25519(zi, p[2]);
- M(tx, p[0], zi);
- M(ty, p[1], zi);
- pack25519(r, ty);
- r[31] ^= par25519(tx) << 7;
-}
-
-sv
-scalarmult(gf p[4], gf q[4], const u8 * s)
-{
- int i;
- set25519(p[0], gf0);
- set25519(p[1], gf1);
- set25519(p[2], gf1);
- set25519(p[3], gf0);
- for (i = 255; i >= 0; --i) {
- u8 b = (s[i / 8] >> (i & 7)) & 1;
- cswap(p, q, b);
- add(q, p);
- add(p, p);
- cswap(p, q, b);
- }
-}
-
-sv
-scalarbase(gf p[4], const u8 * s){
- gf q[4];
- set25519(q[0], X);
- set25519(q[1], Y);
- set25519(q[2], gf1);
- M(q[3], X, Y);
- scalarmult(p, q, s);
-}
-
-int
-crypto_sign_keypair(u8 * pk, u8 * sk) {
- u8 d[64];
- gf p[4];
- int i;
- randombytes(sk, 32);
- crypto_hash(d, sk, 32);
- d[0] &= 248;
- d[31] &= 127;
- d[31] |= 64;
- scalarbase(p, d);
- pack(pk, p);
- FOR(i, 32) {
- sk[32 + i] = pk[i];
- }
- return 0;
-}
-
-static const u64 L[32] = {0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6,
- 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10};
-
-sv
-modL(u8 * r, i64 x[64])
-{
- i64 carry, i, j;
- for (i = 63; i >= 32; --i) {
- carry = 0;
- for(j = i - 32; j < i - 12; ++j) {
- x[j] += carry - 16 * x[i] * L[j - (i - 32)];
- carry = (x[j] + 128) >> 8;
- x[j] -= carry << 8;
- }
- x[j] += carry;
- x[i] = 0;
- } carry = 0;
- FOR(j, 32) {
- x[j] += carry - (x[31] >> 4) * L[j];
- carry = x[j] >> 8;
- x[j] &= 255;
- }
- FOR(j, 32) {
- x[j] -= carry * L[j];
- }
- FOR(i, 32) {
- x[i + 1] += x[i] >> 8;
- r[i] = x[i] & 255;
- }
-}
-
-sv
-reduce(u8 * r)
-{
- i64 x[64], i;
- FOR(i, 64) {
- x[i] = (u64) r[i];
- }
- FOR(i, 64) {
- r[i] = 0;
- }
- modL(r, x);
-}
-
-int
-crypto_sign(u8 * sm, u64 * smlen, const u8 * m, u64 n, const u8 * sk)
-{
- u8 d[64], h[64], r[64];
- i64 i, j, x[64];
- gf p[4];
- crypto_hash(d, sk, 32);
- d[0] &= 248;
- d[31] &= 127;
- d[31] |= 64;
- *smlen = n + 64;
- FOR(i, n) {
- sm[64 + i] = m[i];
- }
- FOR(i, 32) {
- sm[32 + i] = d[32 + i];
- }
- crypto_hash(r, sm + 32, n + 32);
- reduce(r);
- scalarbase(p, r);
- pack(sm, p);
- FOR(i, 32) {
- sm[i + 32] = sk[i + 32];
- }
- crypto_hash(h, sm, n + 64);
- reduce(h);
- FOR(i, 64) {
- x[i] = 0;
- }
- FOR(i, 32) {
- x[i] = (u64) r[i];
- }
- FOR(i, 32) {
- FOR(j, 32) {
- x[i + j] += h[i] * (u64) d[j];
- }
- }
- modL(sm + 32, x);
- return 0;
-}
-
-static int
-unpackneg(gf r[4], const u8 p[32])
-{
- gf t, chk, num, den, den2, den4, den6;
- set25519(r[2], gf1);
- unpack25519(r[1], p);
- S(num, r[1]);
- M(den, num, D);
- Z(num, num, r[2]);
- A(den, r[2], den);
- S(den2, den);
- S(den4, den2);
- M(den6,
- den4, den2);
- M(t, den6, num);
- M(t, t, den);
- pow2523(t, t);
- M(t, t, num);
- M(t, t, den);
- M(t, t, den);
- M(r[0], t, den);
- S(chk, r[0]);
- M(chk, chk, den);
- if (neq25519(chk, num)) {
- M(r[0], r[0], I);
- }
- S(chk, r[0]);
- M(chk, chk, den);
- if (neq25519(chk, num)) {
- return -1;
- }
- if (par25519(r[0]) == (p[31] >> 7)) {
- Z(r[0], gf0, r[0]);
- }
- M(r[3], r[0], r[1]);
- return 0;
-}
-
-int
-crypto_sign_open(u8 * m, u64 * mlen, const u8 * sm, u64 n, const u8 * pk)
-{
- int i;
- u8 t[32], h[64];
- gf p[4], q[4];
- *mlen = -1;
- if (n < 64) {
- return -1;
- }
- if (unpackneg(q, pk)) {
- return -1;
- }
- FOR(i, n) {
- m[i] = sm[i];
- }
- FOR(i, 32) {
- m[i + 32] = pk[i];
- }
- crypto_hash(h, m, n);
- reduce(h);
- scalarmult(p, q, h);
- scalarbase(q, sm + 32);
- add(p, q);
- pack(t, p);
- n -= 64;
- if (crypto_verify_32(sm, t)) {
- FOR(i, n) {
- m[i] = 0;
- }
- return -1;
- }
- FOR(i, n) {
- m[i] = sm[i + 64];
- }
- *mlen = n;
- return 0;
-}
diff --git a/naclb/tweetnacl.h b/naclb/tweetnacl.h
deleted file mode 100644
index 7b1c2633b..000000000
--- a/naclb/tweetnacl.h
+++ /dev/null
@@ -1,30 +0,0 @@
-typedef unsigned char u8;
-typedef unsigned int u32;
-typedef unsigned long long u64;
-typedef long long i64;
-typedef i64 gf[16];
-
-int crypto_verify_16(const u8 * x, const u8 * y);
-int crypto_verify_32(const u8 * x, const u8 * y);
-int crypto_core_salsa20(u8 * out, const u8 * in, const u8 * k, const u8 * c);
-int crypto_core_hsalsa20(u8 * out, const u8 * in, const u8 * k, const u8 * c);
-int crypto_stream_salsa20_xor(u8 * c, const u8 * m, u64 b, const u8 * n, const u8 * k);
-int crypto_stream_salsa20(u8 * c, u64 d, const u8 * n, const u8 * k);
-int crypto_stream(u8 * c, u64 d, const u8 * n, const u8 * k);
-int crypto_stream_xor(u8 * c, const u8 * m, u64 d, const u8 * n, const u8 * k);
-int crypto_onetimeauth(u8 * out, const u8 * m, u64 n, const u8 * k);
-int crypto_onetimeauth_verify(const u8 * h, const u8 * m, u64 n, const u8 * k);
-int crypto_secretbox(u8 * c, const u8 * m, u64 d, const u8 * n, const u8 * k);
-int crypto_secretbox_open(u8 * m, const u8 * c, u64 d, const u8 * n, const u8 * k);
-int crypto_scalarmult(u8 * q, const u8 * n, const u8 * p);
-int crypto_scalarmult_base(u8 * q, const u8 * n);
-int crypto_box_keypair(u8 * y, u8 * x);
-int crypto_box_beforenm(u8 * k, const u8 * y, const u8 * x);
-int crypto_box_afternm(u8 * c, const u8 * m, u64 d, const u8 * n, const u8 * k);
-int crypto_box(u8 * c, const u8 * m, u64 d, const u8 * n, const u8 * y, const u8 * x);
-int crypto_box_open(u8 * m, const u8 * c, u64 d, const u8 * n, const u8 * y, const u8 * x);
-int crypto_hashblocks(u8 * x, const u8 * m, u64 n);
-int crypto_hash(u8 * out, const u8 * m, u64 n);
-int crypto_sign_keypair(u8 * pk, u8 * sk);
-int crypto_sign(u8 * sm, u64 * smlen, const u8 * m, u64 n, const u8 * sk);
-int crypto_sign_open(u8 * m, u64 * mlen, const u8 * sm, u64 n, const u8 * pk);
\ No newline at end of file
diff --git a/package.json b/package.json
index ce3e84ece..954f394e8 100644
--- a/package.json
+++ b/package.json
@@ -44,7 +44,7 @@
"scrypt": "3.0.1",
"bindings": "~1.2.1",
"nan": "^1.3.0",
- "naclb": "./naclb/"
+ "naclb": "0.0.1"
},
"devDependencies": {
"mocha": "",
--
GitLab