1(function(nacl) { 2'use strict'; 3 4// Ported in 2014 by Dmitry Chestnykh and Devi Mandiri. 5// Public domain. 6// 7// Implementation derived from TweetNaCl version 20140427. 8// See for details: http://tweetnacl.cr.yp.to/ 9 10var u64 = function(h, l) { this.hi = h|0 >>> 0; this.lo = l|0 >>> 0; }; 11var gf = function(init) { 12 var i, r = new Float64Array(16); 13 if (init) for (i = 0; i < init.length; i++) r[i] = init[i]; 14 return r; 15}; 16 17// Pluggable, initialized in high-level API below. 18var randombytes = function(/* x, n */) { throw new Error('no PRNG'); }; 19 20var _0 = new Uint8Array(16); 21var _9 = new Uint8Array(32); _9[0] = 9; 22 23var gf0 = gf(), 24 gf1 = gf([1]), 25 _121665 = gf([0xdb41, 1]), 26 D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]), 27 D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]), 28 X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]), 29 Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]), 30 I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]); 31 32function L32(x, c) { return (x << c) | (x >>> (32 - c)); } 33 34function ld32(x, i) { 35 var u = x[i+3] & 0xff; 36 u = (u<<8)|(x[i+2] & 0xff); 37 u = (u<<8)|(x[i+1] & 0xff); 38 return (u<<8)|(x[i+0] & 0xff); 39} 40 41function dl64(x, i) { 42 var h = (x[i] << 24) | (x[i+1] << 16) | (x[i+2] << 8) | x[i+3]; 43 var l = (x[i+4] << 24) | (x[i+5] << 16) | (x[i+6] << 8) | x[i+7]; 44 return new u64(h, l); 45} 46 47function st32(x, j, u) { 48 var i; 49 for (i = 0; i < 4; i++) { x[j+i] = u & 255; u >>>= 8; } 50} 51 52function ts64(x, i, u) { 53 x[i] = (u.hi >> 24) & 0xff; 54 x[i+1] = (u.hi >> 16) & 0xff; 55 x[i+2] = (u.hi >> 8) & 0xff; 56 x[i+3] = u.hi & 0xff; 57 x[i+4] = (u.lo >> 24) & 0xff; 58 x[i+5] = (u.lo >> 16) & 0xff; 59 x[i+6] = (u.lo >> 8) & 0xff; 60 x[i+7] = u.lo & 0xff; 61} 62 63function vn(x, xi, y, yi, n) { 64 var i,d = 0; 65 for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i]; 66 return (1 & ((d - 1) >>> 8)) - 1; 67} 68 69function crypto_verify_16(x, xi, y, yi) { 70 return vn(x,xi,y,yi,16); 71} 72 73function crypto_verify_32(x, xi, y, yi) { 74 return vn(x,xi,y,yi,32); 75} 76 77function core(out,inp,k,c,h) { 78 var w = new Uint32Array(16), x = new Uint32Array(16), 79 y = new Uint32Array(16), t = new Uint32Array(4); 80 var i, j, m; 81 82 for (i = 0; i < 4; i++) { 83 x[5*i] = ld32(c, 4*i); 84 x[1+i] = ld32(k, 4*i); 85 x[6+i] = ld32(inp, 4*i); 86 x[11+i] = ld32(k, 16+4*i); 87 } 88 89 for (i = 0; i < 16; i++) y[i] = x[i]; 90 91 for (i = 0; i < 20; i++) { 92 for (j = 0; j < 4; j++) { 93 for (m = 0; m < 4; m++) t[m] = x[(5*j+4*m)%16]; 94 t[1] ^= L32((t[0]+t[3])|0, 7); 95 t[2] ^= L32((t[1]+t[0])|0, 9); 96 t[3] ^= L32((t[2]+t[1])|0,13); 97 t[0] ^= L32((t[3]+t[2])|0,18); 98 for (m = 0; m < 4; m++) w[4*j+(j+m)%4] = t[m]; 99 } 100 for (m = 0; m < 16; m++) x[m] = w[m]; 101 } 102 103 if (h) { 104 for (i = 0; i < 16; i++) x[i] = (x[i] + y[i]) | 0; 105 for (i = 0; i < 4; i++) { 106 x[5*i] = (x[5*i] - ld32(c, 4*i)) | 0; 107 x[6+i] = (x[6+i] - ld32(inp, 4*i)) | 0; 108 } 109 for (i = 0; i < 4; i++) { 110 st32(out,4*i,x[5*i]); 111 st32(out,16+4*i,x[6+i]); 112 } 113 } else { 114 for (i = 0; i < 16; i++) st32(out, 4 * i, (x[i] + y[i]) | 0); 115 } 116} 117 118function crypto_core_salsa20(out,inp,k,c) { 119 core(out,inp,k,c,false); 120 return 0; 121} 122 123function crypto_core_hsalsa20(out,inp,k,c) { 124 core(out,inp,k,c,true); 125 return 0; 126} 127 128var sigma = new Uint8Array([101, 120, 112, 97, 110, 100, 32, 51, 50, 45, 98, 121, 116, 101, 32, 107]); 129 // "expand 32-byte k" 130 131function crypto_stream_salsa20_xor(c,cpos,m,mpos,b,n,k) { 132 var z = new Uint8Array(16), x = new Uint8Array(64); 133 var u, i; 134 if (!b) return 0; 135 for (i = 0; i < 16; i++) z[i] = 0; 136 for (i = 0; i < 8; i++) z[i] = n[i]; 137 while (b >= 64) { 138 crypto_core_salsa20(x,z,k,sigma); 139 for (i = 0; i < 64; i++) c[cpos+i] = (m?m[mpos+i]:0) ^ x[i]; 140 u = 1; 141 for (i = 8; i < 16; i++) { 142 u = u + (z[i] & 0xff) | 0; 143 z[i] = u & 0xff; 144 u >>>= 8; 145 } 146 b -= 64; 147 cpos += 64; 148 if (m) mpos += 64; 149 } 150 if (b > 0) { 151 crypto_core_salsa20(x,z,k,sigma); 152 for (i = 0; i < b; i++) c[cpos+i] = (m?m[mpos+i]:0) ^ x[i]; 153 } 154 return 0; 155} 156 157function crypto_stream_salsa20(c,cpos,d,n,k) { 158 return crypto_stream_salsa20_xor(c,cpos,null,0,d,n,k); 159} 160 161function crypto_stream(c,cpos,d,n,k) { 162 var s = new Uint8Array(32); 163 crypto_core_hsalsa20(s,n,k,sigma); 164 return crypto_stream_salsa20(c,cpos,d,n.subarray(16),s); 165} 166 167function crypto_stream_xor(c,cpos,m,mpos,d,n,k) { 168 var s = new Uint8Array(32); 169 crypto_core_hsalsa20(s,n,k,sigma); 170 return crypto_stream_salsa20_xor(c,cpos,m,mpos,d,n.subarray(16),s); 171} 172 173function add1305(h, c) { 174 var j, u = 0; 175 for (j = 0; j < 17; j++) { 176 u = (u + ((h[j] + c[j]) | 0)) | 0; 177 h[j] = u & 255; 178 u >>>= 8; 179 } 180} 181 182var minusp = new Uint32Array([ 183 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 252 184]); 185 186function crypto_onetimeauth(out, outpos, m, mpos, n, k) { 187 var s, i, j, u; 188 var x = new Uint32Array(17), r = new Uint32Array(17), 189 h = new Uint32Array(17), c = new Uint32Array(17), 190 g = new Uint32Array(17); 191 for (j = 0; j < 17; j++) r[j]=h[j]=0; 192 for (j = 0; j < 16; j++) r[j]=k[j]; 193 r[3]&=15; 194 r[4]&=252; 195 r[7]&=15; 196 r[8]&=252; 197 r[11]&=15; 198 r[12]&=252; 199 r[15]&=15; 200 201 while (n > 0) { 202 for (j = 0; j < 17; j++) c[j] = 0; 203 for (j = 0; (j < 16) && (j < n); ++j) c[j] = m[mpos+j]; 204 c[j] = 1; 205 mpos += j; n -= j; 206 add1305(h,c); 207 for (i = 0; i < 17; i++) { 208 x[i] = 0; 209 for (j = 0; j < 17; j++) x[i] = (x[i] + (h[j] * ((j <= i) ? r[i - j] : ((320 * r[i + 17 - j])|0))) | 0) | 0; 210 } 211 for (i = 0; i < 17; i++) h[i] = x[i]; 212 u = 0; 213 for (j = 0; j < 16; j++) { 214 u = (u + h[j]) | 0; 215 h[j] = u & 255; 216 u >>>= 8; 217 } 218 u = (u + h[16]) | 0; h[16] = u & 3; 219 u = (5 * (u >>> 2)) | 0; 220 for (j = 0; j < 16; j++) { 221 u = (u + h[j]) | 0; 222 h[j] = u & 255; 223 u >>>= 8; 224 } 225 u = (u + h[16]) | 0; h[16] = u; 226 } 227 228 for (j = 0; j < 17; j++) g[j] = h[j]; 229 add1305(h,minusp); 230 s = (-(h[16] >>> 7) | 0); 231 for (j = 0; j < 17; j++) h[j] ^= s & (g[j] ^ h[j]); 232 233 for (j = 0; j < 16; j++) c[j] = k[j + 16]; 234 c[16] = 0; 235 add1305(h,c); 236 for (j = 0; j < 16; j++) out[outpos+j] = h[j]; 237 return 0; 238} 239 240function crypto_onetimeauth_verify(h, hpos, m, mpos, n, k) { 241 var x = new Uint8Array(16); 242 crypto_onetimeauth(x,0,m,mpos,n,k); 243 return crypto_verify_16(h,hpos,x,0); 244} 245 246function crypto_secretbox(c,m,d,n,k) { 247 var i; 248 if (d < 32) return -1; 249 crypto_stream_xor(c,0,m,0,d,n,k); 250 crypto_onetimeauth(c, 16, c, 32, d - 32, c); 251 for (i = 0; i < 16; i++) c[i] = 0; 252 return 0; 253} 254 255function crypto_secretbox_open(m,c,d,n,k) { 256 var i; 257 var x = new Uint8Array(32); 258 if (d < 32) return -1; 259 crypto_stream(x,0,32,n,k); 260 if (crypto_onetimeauth_verify(c, 16,c, 32,d - 32,x) !== 0) return -1; 261 crypto_stream_xor(m,0,c,0,d,n,k); 262 for (i = 0; i < 32; i++) m[i] = 0; 263 return 0; 264} 265 266function set25519(r, a) { 267 var i; 268 for (i = 0; i < 16; i++) r[i] = a[i]|0; 269} 270 271function car25519(o) { 272 var c; 273 var i; 274 for (i = 0; i < 16; i++) { 275 o[i] += 65536; 276 c = Math.floor(o[i] / 65536); 277 o[(i+1)*(i<15?1:0)] += c - 1 + 37 * (c-1) * (i===15?1:0); 278 o[i] -= (c * 65536); 279 } 280} 281 282function sel25519(p, q, b) { 283 var t, c = ~(b-1); 284 for (var i = 0; i < 16; i++) { 285 t = c & (p[i] ^ q[i]); 286 p[i] ^= t; 287 q[i] ^= t; 288 } 289} 290 291function pack25519(o, n) { 292 var i, j, b; 293 var m = gf(), t = gf(); 294 for (i = 0; i < 16; i++) t[i] = n[i]; 295 car25519(t); 296 car25519(t); 297 car25519(t); 298 for (j = 0; j < 2; j++) { 299 m[0] = t[0] - 0xffed; 300 for (i = 1; i < 15; i++) { 301 m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1); 302 m[i-1] &= 0xffff; 303 } 304 m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1); 305 b = (m[15]>>16) & 1; 306 m[14] &= 0xffff; 307 sel25519(t, m, 1-b); 308 } 309 for (i = 0; i < 16; i++) { 310 o[2*i] = t[i] & 0xff; 311 o[2*i+1] = t[i]>>8; 312 } 313} 314 315function neq25519(a, b) { 316 var c = new Uint8Array(32), d = new Uint8Array(32); 317 pack25519(c, a); 318 pack25519(d, b); 319 return crypto_verify_32(c, 0, d, 0); 320} 321 322function par25519(a) { 323 var d = new Uint8Array(32); 324 pack25519(d, a); 325 return d[0] & 1; 326} 327 328function unpack25519(o, n) { 329 var i; 330 for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8); 331 o[15] &= 0x7fff; 332} 333 334function A(o, a, b) { 335 var i; 336 for (i = 0; i < 16; i++) o[i] = (a[i] + b[i])|0; 337} 338 339function Z(o, a, b) { 340 var i; 341 for (i = 0; i < 16; i++) o[i] = (a[i] - b[i])|0; 342} 343 344function M(o, a, b) { 345 var i, j, t = new Float64Array(31); 346 for (i = 0; i < 31; i++) t[i] = 0; 347 for (i = 0; i < 16; i++) { 348 for (j = 0; j < 16; j++) { 349 t[i+j] += a[i] * b[j]; 350 } 351 } 352 for (i = 0; i < 15; i++) { 353 t[i] += 38 * t[i+16]; 354 } 355 for (i = 0; i < 16; i++) o[i] = t[i]; 356 car25519(o); 357 car25519(o); 358} 359 360function S(o, a) { 361 M(o, a, a); 362} 363 364function inv25519(o, i) { 365 var c = gf(); 366 var a; 367 for (a = 0; a < 16; a++) c[a] = i[a]; 368 for (a = 253; a >= 0; a--) { 369 S(c, c); 370 if(a !== 2 && a !== 4) M(c, c, i); 371 } 372 for (a = 0; a < 16; a++) o[a] = c[a]; 373} 374 375function pow2523(o, i) { 376 var c = gf(); 377 var a; 378 for (a = 0; a < 16; a++) c[a] = i[a]; 379 for (a = 250; a >= 0; a--) { 380 S(c, c); 381 if(a !== 1) M(c, c, i); 382 } 383 for (a = 0; a < 16; a++) o[a] = c[a]; 384} 385 386function crypto_scalarmult(q, n, p) { 387 var z = new Uint8Array(32); 388 var x = new Float64Array(80), r, i; 389 var a = gf(), b = gf(), c = gf(), 390 d = gf(), e = gf(), f = gf(); 391 for (i = 0; i < 31; i++) z[i] = n[i]; 392 z[31]=(n[31]&127)|64; 393 z[0]&=248; 394 unpack25519(x,p); 395 for (i = 0; i < 16; i++) { 396 b[i]=x[i]; 397 d[i]=a[i]=c[i]=0; 398 } 399 a[0]=d[0]=1; 400 for (i=254; i>=0; --i) { 401 r=(z[i>>>3]>>>(i&7))&1; 402 sel25519(a,b,r); 403 sel25519(c,d,r); 404 A(e,a,c); 405 Z(a,a,c); 406 A(c,b,d); 407 Z(b,b,d); 408 S(d,e); 409 S(f,a); 410 M(a,c,a); 411 M(c,b,e); 412 A(e,a,c); 413 Z(a,a,c); 414 S(b,a); 415 Z(c,d,f); 416 M(a,c,_121665); 417 A(a,a,d); 418 M(c,c,a); 419 M(a,d,f); 420 M(d,b,x); 421 S(b,e); 422 sel25519(a,b,r); 423 sel25519(c,d,r); 424 } 425 for (i = 0; i < 16; i++) { 426 x[i+16]=a[i]; 427 x[i+32]=c[i]; 428 x[i+48]=b[i]; 429 x[i+64]=d[i]; 430 } 431 var x32 = x.subarray(32); 432 var x16 = x.subarray(16); 433 inv25519(x32,x32); 434 M(x16,x16,x32); 435 pack25519(q,x16); 436 return 0; 437} 438 439function crypto_scalarmult_base(q, n) { 440 return crypto_scalarmult(q, n, _9); 441} 442 443function crypto_box_keypair(y, x) { 444 randombytes(x, 32); 445 return crypto_scalarmult_base(y, x); 446} 447 448function crypto_box_beforenm(k, y, x) { 449 var s = new Uint8Array(32); 450 crypto_scalarmult(s, x, y); 451 return crypto_core_hsalsa20(k, _0, s, sigma); 452} 453 454var crypto_box_afternm = crypto_secretbox; 455var crypto_box_open_afternm = crypto_secretbox_open; 456 457function crypto_box(c, m, d, n, y, x) { 458 var k = new Uint8Array(32); 459 crypto_box_beforenm(k, y, x); 460 return crypto_box_afternm(c, m, d, n, k); 461} 462 463function crypto_box_open(m, c, d, n, y, x) { 464 var k = new Uint8Array(32); 465 crypto_box_beforenm(k, y, x); 466 return crypto_box_open_afternm(m, c, d, n, k); 467} 468 469function add64() { 470 var a = 0, b = 0, c = 0, d = 0, m16 = 65535, l, h, i; 471 for (i = 0; i < arguments.length; i++) { 472 l = arguments[i].lo; 473 h = arguments[i].hi; 474 a += (l & m16); b += (l >>> 16); 475 c += (h & m16); d += (h >>> 16); 476 } 477 478 b += (a >>> 16); 479 c += (b >>> 16); 480 d += (c >>> 16); 481 482 return new u64((c & m16) | (d << 16), (a & m16) | (b << 16)); 483} 484 485function shr64(x, c) { 486 return new u64((x.hi >>> c), (x.lo >>> c) | (x.hi << (32 - c))); 487} 488 489function xor64() { 490 var l = 0, h = 0, i; 491 for (i = 0; i < arguments.length; i++) { 492 l ^= arguments[i].lo; 493 h ^= arguments[i].hi; 494 } 495 return new u64(h, l); 496} 497 498function R(x, c) { 499 var h, l, c1 = 32 - c; 500 if (c < 32) { 501 h = (x.hi >>> c) | (x.lo << c1); 502 l = (x.lo >>> c) | (x.hi << c1); 503 } else if (c < 64) { 504 h = (x.lo >>> c) | (x.hi << c1); 505 l = (x.hi >>> c) | (x.lo << c1); 506 } 507 return new u64(h, l); 508} 509 510function Ch(x, y, z) { 511 var h = (x.hi & y.hi) ^ (~x.hi & z.hi), 512 l = (x.lo & y.lo) ^ (~x.lo & z.lo); 513 return new u64(h, l); 514} 515 516function Maj(x, y, z) { 517 var h = (x.hi & y.hi) ^ (x.hi & z.hi) ^ (y.hi & z.hi), 518 l = (x.lo & y.lo) ^ (x.lo & z.lo) ^ (y.lo & z.lo); 519 return new u64(h, l); 520} 521 522function Sigma0(x) { return xor64(R(x,28), R(x,34), R(x,39)); } 523function Sigma1(x) { return xor64(R(x,14), R(x,18), R(x,41)); } 524function sigma0(x) { return xor64(R(x, 1), R(x, 8), shr64(x,7)); } 525function sigma1(x) { return xor64(R(x,19), R(x,61), shr64(x,6)); } 526 527var K = [ 528 new u64(0x428a2f98, 0xd728ae22), new u64(0x71374491, 0x23ef65cd), 529 new u64(0xb5c0fbcf, 0xec4d3b2f), new u64(0xe9b5dba5, 0x8189dbbc), 530 new u64(0x3956c25b, 0xf348b538), new u64(0x59f111f1, 0xb605d019), 531 new u64(0x923f82a4, 0xaf194f9b), new u64(0xab1c5ed5, 0xda6d8118), 532 new u64(0xd807aa98, 0xa3030242), new u64(0x12835b01, 0x45706fbe), 533 new u64(0x243185be, 0x4ee4b28c), new u64(0x550c7dc3, 0xd5ffb4e2), 534 new u64(0x72be5d74, 0xf27b896f), new u64(0x80deb1fe, 0x3b1696b1), 535 new u64(0x9bdc06a7, 0x25c71235), new u64(0xc19bf174, 0xcf692694), 536 new u64(0xe49b69c1, 0x9ef14ad2), new u64(0xefbe4786, 0x384f25e3), 537 new u64(0x0fc19dc6, 0x8b8cd5b5), new u64(0x240ca1cc, 0x77ac9c65), 538 new u64(0x2de92c6f, 0x592b0275), new u64(0x4a7484aa, 0x6ea6e483), 539 new u64(0x5cb0a9dc, 0xbd41fbd4), new u64(0x76f988da, 0x831153b5), 540 new u64(0x983e5152, 0xee66dfab), new u64(0xa831c66d, 0x2db43210), 541 new u64(0xb00327c8, 0x98fb213f), new u64(0xbf597fc7, 0xbeef0ee4), 542 new u64(0xc6e00bf3, 0x3da88fc2), new u64(0xd5a79147, 0x930aa725), 543 new u64(0x06ca6351, 0xe003826f), new u64(0x14292967, 0x0a0e6e70), 544 new u64(0x27b70a85, 0x46d22ffc), new u64(0x2e1b2138, 0x5c26c926), 545 new u64(0x4d2c6dfc, 0x5ac42aed), new u64(0x53380d13, 0x9d95b3df), 546 new u64(0x650a7354, 0x8baf63de), new u64(0x766a0abb, 0x3c77b2a8), 547 new u64(0x81c2c92e, 0x47edaee6), new u64(0x92722c85, 0x1482353b), 548 new u64(0xa2bfe8a1, 0x4cf10364), new u64(0xa81a664b, 0xbc423001), 549 new u64(0xc24b8b70, 0xd0f89791), new u64(0xc76c51a3, 0x0654be30), 550 new u64(0xd192e819, 0xd6ef5218), new u64(0xd6990624, 0x5565a910), 551 new u64(0xf40e3585, 0x5771202a), new u64(0x106aa070, 0x32bbd1b8), 552 new u64(0x19a4c116, 0xb8d2d0c8), new u64(0x1e376c08, 0x5141ab53), 553 new u64(0x2748774c, 0xdf8eeb99), new u64(0x34b0bcb5, 0xe19b48a8), 554 new u64(0x391c0cb3, 0xc5c95a63), new u64(0x4ed8aa4a, 0xe3418acb), 555 new u64(0x5b9cca4f, 0x7763e373), new u64(0x682e6ff3, 0xd6b2b8a3), 556 new u64(0x748f82ee, 0x5defb2fc), new u64(0x78a5636f, 0x43172f60), 557 new u64(0x84c87814, 0xa1f0ab72), new u64(0x8cc70208, 0x1a6439ec), 558 new u64(0x90befffa, 0x23631e28), new u64(0xa4506ceb, 0xde82bde9), 559 new u64(0xbef9a3f7, 0xb2c67915), new u64(0xc67178f2, 0xe372532b), 560 new u64(0xca273ece, 0xea26619c), new u64(0xd186b8c7, 0x21c0c207), 561 new u64(0xeada7dd6, 0xcde0eb1e), new u64(0xf57d4f7f, 0xee6ed178), 562 new u64(0x06f067aa, 0x72176fba), new u64(0x0a637dc5, 0xa2c898a6), 563 new u64(0x113f9804, 0xbef90dae), new u64(0x1b710b35, 0x131c471b), 564 new u64(0x28db77f5, 0x23047d84), new u64(0x32caab7b, 0x40c72493), 565 new u64(0x3c9ebe0a, 0x15c9bebc), new u64(0x431d67c4, 0x9c100d4c), 566 new u64(0x4cc5d4be, 0xcb3e42b6), new u64(0x597f299c, 0xfc657e2a), 567 new u64(0x5fcb6fab, 0x3ad6faec), new u64(0x6c44198c, 0x4a475817) 568]; 569 570function crypto_hashblocks(x, m, n) { 571 var z = [], b = [], a = [], w = [], t, i, j; 572 573 for (i = 0; i < 8; i++) z[i] = a[i] = dl64(x, 8*i); 574 575 var pos = 0; 576 while (n >= 128) { 577 for (i = 0; i < 16; i++) w[i] = dl64(m, 8*i+pos); 578 for (i = 0; i < 80; i++) { 579 for (j = 0; j < 8; j++) b[j] = a[j]; 580 t = add64(a[7], Sigma1(a[4]), Ch(a[4], a[5], a[6]), K[i], w[i%16]); 581 b[7] = add64(t, Sigma0(a[0]), Maj(a[0], a[1], a[2])); 582 b[3] = add64(b[3], t); 583 for (j = 0; j < 8; j++) a[(j+1)%8] = b[j]; 584 if (i%16 === 15) { 585 for (j = 0; j < 16; j++) { 586 w[j] = add64(w[j], w[(j+9)%16], sigma0(w[(j+1)%16]), sigma1(w[(j+14)%16])); 587 } 588 } 589 } 590 591 for (i = 0; i < 8; i++) { 592 a[i] = add64(a[i], z[i]); 593 z[i] = a[i]; 594 } 595 596 pos += 128; 597 n -= 128; 598 } 599 600 for (i = 0; i < 8; i++) ts64(x, 8*i, z[i]); 601 return n; 602} 603 604var iv = new Uint8Array([ 605 0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08, 606 0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b, 607 0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b, 608 0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1, 609 0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1, 610 0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f, 611 0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b, 612 0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79 613]); 614 615function crypto_hash(out, m, n) { 616 var h = new Uint8Array(64), x = new Uint8Array(256); 617 var i, b = n; 618 619 for (i = 0; i < 64; i++) h[i] = iv[i]; 620 621 crypto_hashblocks(h, m, n); 622 n %= 128; 623 624 for (i = 0; i < 256; i++) x[i] = 0; 625 for (i = 0; i < n; i++) x[i] = m[b-n+i]; 626 x[n] = 128; 627 628 n = 256-128*(n<112?1:0); 629 x[n-9] = 0; 630 ts64(x, n-8, new u64((b / 0x20000000) | 0, b << 3)); 631 crypto_hashblocks(h, x, n); 632 633 for (i = 0; i < 64; i++) out[i] = h[i]; 634 635 return 0; 636} 637 638function add(p, q) { 639 var a = gf(), b = gf(), c = gf(), 640 d = gf(), e = gf(), f = gf(), 641 g = gf(), h = gf(), t = gf(); 642 643 Z(a, p[1], p[0]); 644 Z(t, q[1], q[0]); 645 M(a, a, t); 646 A(b, p[0], p[1]); 647 A(t, q[0], q[1]); 648 M(b, b, t); 649 M(c, p[3], q[3]); 650 M(c, c, D2); 651 M(d, p[2], q[2]); 652 A(d, d, d); 653 Z(e, b, a); 654 Z(f, d, c); 655 A(g, d, c); 656 A(h, b, a); 657 658 M(p[0], e, f); 659 M(p[1], h, g); 660 M(p[2], g, f); 661 M(p[3], e, h); 662} 663 664function cswap(p, q, b) { 665 var i; 666 for (i = 0; i < 4; i++) { 667 sel25519(p[i], q[i], b); 668 } 669} 670 671function pack(r, p) { 672 var tx = gf(), ty = gf(), zi = gf(); 673 inv25519(zi, p[2]); 674 M(tx, p[0], zi); 675 M(ty, p[1], zi); 676 pack25519(r, ty); 677 r[31] ^= par25519(tx) << 7; 678} 679 680function scalarmult(p, q, s) { 681 var b, i; 682 set25519(p[0], gf0); 683 set25519(p[1], gf1); 684 set25519(p[2], gf1); 685 set25519(p[3], gf0); 686 for (i = 255; i >= 0; --i) { 687 b = (s[(i/8)|0] >> (i&7)) & 1; 688 cswap(p, q, b); 689 add(q, p); 690 add(p, p); 691 cswap(p, q, b); 692 } 693} 694 695function scalarbase(p, s) { 696 var q = [gf(), gf(), gf(), gf()]; 697 set25519(q[0], X); 698 set25519(q[1], Y); 699 set25519(q[2], gf1); 700 M(q[3], X, Y); 701 scalarmult(p, q, s); 702} 703 704function crypto_sign_keypair(pk, sk, seeded) { 705 var d = new Uint8Array(64); 706 var p = [gf(), gf(), gf(), gf()]; 707 var i; 708 709 if (!seeded) randombytes(sk, 32); 710 crypto_hash(d, sk, 32); 711 d[0] &= 248; 712 d[31] &= 127; 713 d[31] |= 64; 714 715 scalarbase(p, d); 716 pack(pk, p); 717 718 for (i = 0; i < 32; i++) sk[i+32] = pk[i]; 719 return 0; 720} 721 722var L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]); 723 724function modL(r, x) { 725 var carry, i, j, k; 726 for (i = 63; i >= 32; --i) { 727 carry = 0; 728 for (j = i - 32, k = i - 12; j < k; ++j) { 729 x[j] += carry - 16 * x[i] * L[j - (i - 32)]; 730 carry = (x[j] + 128) >> 8; 731 x[j] -= carry * 256; 732 } 733 x[j] += carry; 734 x[i] = 0; 735 } 736 carry = 0; 737 for (j = 0; j < 32; j++) { 738 x[j] += carry - (x[31] >> 4) * L[j]; 739 carry = x[j] >> 8; 740 x[j] &= 255; 741 } 742 for (j = 0; j < 32; j++) x[j] -= carry * L[j]; 743 for (i = 0; i < 32; i++) { 744 x[i+1] += x[i] >> 8; 745 r[i] = x[i] & 255; 746 } 747} 748 749function reduce(r) { 750 var x = new Float64Array(64), i; 751 for (i = 0; i < 64; i++) x[i] = r[i]; 752 for (i = 0; i < 64; i++) r[i] = 0; 753 modL(r, x); 754} 755 756// Note: difference from C - smlen returned, not passed as argument. 757function crypto_sign(sm, m, n, sk) { 758 var d = new Uint8Array(64), h = new Uint8Array(64), r = new Uint8Array(64); 759 var i, j, x = new Float64Array(64); 760 var p = [gf(), gf(), gf(), gf()]; 761 762 crypto_hash(d, sk, 32); 763 d[0] &= 248; 764 d[31] &= 127; 765 d[31] |= 64; 766 767 var smlen = n + 64; 768 for (i = 0; i < n; i++) sm[64 + i] = m[i]; 769 for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i]; 770 771 crypto_hash(r, sm.subarray(32), n+32); 772 reduce(r); 773 scalarbase(p, r); 774 pack(sm, p); 775 776 for (i = 32; i < 64; i++) sm[i] = sk[i]; 777 crypto_hash(h, sm, n + 64); 778 reduce(h); 779 780 for (i = 0; i < 64; i++) x[i] = 0; 781 for (i = 0; i < 32; i++) x[i] = r[i]; 782 for (i = 0; i < 32; i++) { 783 for (j = 0; j < 32; j++) { 784 x[i+j] += h[i] * d[j]; 785 } 786 } 787 788 modL(sm.subarray(32), x); 789 return smlen; 790} 791 792function unpackneg(r, p) { 793 var t = gf(), chk = gf(), num = gf(), 794 den = gf(), den2 = gf(), den4 = gf(), 795 den6 = gf(); 796 797 set25519(r[2], gf1); 798 unpack25519(r[1], p); 799 S(num, r[1]); 800 M(den, num, D); 801 Z(num, num, r[2]); 802 A(den, r[2], den); 803 804 S(den2, den); 805 S(den4, den2); 806 M(den6, den4, den2); 807 M(t, den6, num); 808 M(t, t, den); 809 810 pow2523(t, t); 811 M(t, t, num); 812 M(t, t, den); 813 M(t, t, den); 814 M(r[0], t, den); 815 816 S(chk, r[0]); 817 M(chk, chk, den); 818 if (neq25519(chk, num)) M(r[0], r[0], I); 819 820 S(chk, r[0]); 821 M(chk, chk, den); 822 if (neq25519(chk, num)) return -1; 823 824 if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]); 825 826 M(r[3], r[0], r[1]); 827 return 0; 828} 829 830function crypto_sign_open(m, sm, n, pk) { 831 var i, mlen; 832 var t = new Uint8Array(32), h = new Uint8Array(64); 833 var p = [gf(), gf(), gf(), gf()], 834 q = [gf(), gf(), gf(), gf()]; 835 836 mlen = -1; 837 if (n < 64) return -1; 838 839 if (unpackneg(q, pk)) return -1; 840 841 for (i = 0; i < n; i++) m[i] = sm[i]; 842 for (i = 0; i < 32; i++) m[i+32] = pk[i]; 843 crypto_hash(h, m, n); 844 reduce(h); 845 scalarmult(p, q, h); 846 847 scalarbase(q, sm.subarray(32)); 848 add(p, q); 849 pack(t, p); 850 851 n -= 64; 852 if (crypto_verify_32(sm, 0, t, 0)) { 853 for (i = 0; i < n; i++) m[i] = 0; 854 return -1; 855 } 856 857 for (i = 0; i < n; i++) m[i] = sm[i + 64]; 858 mlen = n; 859 return mlen; 860} 861 862var crypto_secretbox_KEYBYTES = 32, 863 crypto_secretbox_NONCEBYTES = 24, 864 crypto_secretbox_ZEROBYTES = 32, 865 crypto_secretbox_BOXZEROBYTES = 16, 866 crypto_scalarmult_BYTES = 32, 867 crypto_scalarmult_SCALARBYTES = 32, 868 crypto_box_PUBLICKEYBYTES = 32, 869 crypto_box_SECRETKEYBYTES = 32, 870 crypto_box_BEFORENMBYTES = 32, 871 crypto_box_NONCEBYTES = crypto_secretbox_NONCEBYTES, 872 crypto_box_ZEROBYTES = crypto_secretbox_ZEROBYTES, 873 crypto_box_BOXZEROBYTES = crypto_secretbox_BOXZEROBYTES, 874 crypto_sign_BYTES = 64, 875 crypto_sign_PUBLICKEYBYTES = 32, 876 crypto_sign_SECRETKEYBYTES = 64, 877 crypto_sign_SEEDBYTES = 32, 878 crypto_hash_BYTES = 64; 879 880nacl.lowlevel = { 881 crypto_core_hsalsa20: crypto_core_hsalsa20, 882 crypto_stream_xor: crypto_stream_xor, 883 crypto_stream: crypto_stream, 884 crypto_stream_salsa20_xor: crypto_stream_salsa20_xor, 885 crypto_stream_salsa20: crypto_stream_salsa20, 886 crypto_onetimeauth: crypto_onetimeauth, 887 crypto_onetimeauth_verify: crypto_onetimeauth_verify, 888 crypto_verify_16: crypto_verify_16, 889 crypto_verify_32: crypto_verify_32, 890 crypto_secretbox: crypto_secretbox, 891 crypto_secretbox_open: crypto_secretbox_open, 892 crypto_scalarmult: crypto_scalarmult, 893 crypto_scalarmult_base: crypto_scalarmult_base, 894 crypto_box_beforenm: crypto_box_beforenm, 895 crypto_box_afternm: crypto_box_afternm, 896 crypto_box: crypto_box, 897 crypto_box_open: crypto_box_open, 898 crypto_box_keypair: crypto_box_keypair, 899 crypto_hash: crypto_hash, 900 crypto_sign: crypto_sign, 901 crypto_sign_keypair: crypto_sign_keypair, 902 crypto_sign_open: crypto_sign_open, 903 904 crypto_secretbox_KEYBYTES: crypto_secretbox_KEYBYTES, 905 crypto_secretbox_NONCEBYTES: crypto_secretbox_NONCEBYTES, 906 crypto_secretbox_ZEROBYTES: crypto_secretbox_ZEROBYTES, 907 crypto_secretbox_BOXZEROBYTES: crypto_secretbox_BOXZEROBYTES, 908 crypto_scalarmult_BYTES: crypto_scalarmult_BYTES, 909 crypto_scalarmult_SCALARBYTES: crypto_scalarmult_SCALARBYTES, 910 crypto_box_PUBLICKEYBYTES: crypto_box_PUBLICKEYBYTES, 911 crypto_box_SECRETKEYBYTES: crypto_box_SECRETKEYBYTES, 912 crypto_box_BEFORENMBYTES: crypto_box_BEFORENMBYTES, 913 crypto_box_NONCEBYTES: crypto_box_NONCEBYTES, 914 crypto_box_ZEROBYTES: crypto_box_ZEROBYTES, 915 crypto_box_BOXZEROBYTES: crypto_box_BOXZEROBYTES, 916 crypto_sign_BYTES: crypto_sign_BYTES, 917 crypto_sign_PUBLICKEYBYTES: crypto_sign_PUBLICKEYBYTES, 918 crypto_sign_SECRETKEYBYTES: crypto_sign_SECRETKEYBYTES, 919 crypto_sign_SEEDBYTES: crypto_sign_SEEDBYTES, 920 crypto_hash_BYTES: crypto_hash_BYTES 921}; 922 923/* High-level API */ 924 925function checkLengths(k, n) { 926 if (k.length !== crypto_secretbox_KEYBYTES) throw new Error('bad key size'); 927 if (n.length !== crypto_secretbox_NONCEBYTES) throw new Error('bad nonce size'); 928} 929 930function checkBoxLengths(pk, sk) { 931 if (pk.length !== crypto_box_PUBLICKEYBYTES) throw new Error('bad public key size'); 932 if (sk.length !== crypto_box_SECRETKEYBYTES) throw new Error('bad secret key size'); 933} 934 935function checkArrayTypes() { 936 var t, i; 937 for (i = 0; i < arguments.length; i++) { 938 if ((t = Object.prototype.toString.call(arguments[i])) !== '[object Uint8Array]') 939 throw new TypeError('unexpected type ' + t + ', use Uint8Array'); 940 } 941} 942 943function cleanup(arr) { 944 for (var i = 0; i < arr.length; i++) arr[i] = 0; 945} 946 947// TODO: Completely remove this in v0.15. 948if (!nacl.util) { 949 nacl.util = {}; 950 nacl.util.decodeUTF8 = nacl.util.encodeUTF8 = nacl.util.encodeBase64 = nacl.util.decodeBase64 = function() { 951 throw new Error('nacl.util moved into separate package: https://github.com/dchest/tweetnacl-util-js'); 952 }; 953} 954 955nacl.randomBytes = function(n) { 956 var b = new Uint8Array(n); 957 randombytes(b, n); 958 return b; 959}; 960 961nacl.secretbox = function(msg, nonce, key) { 962 checkArrayTypes(msg, nonce, key); 963 checkLengths(key, nonce); 964 var m = new Uint8Array(crypto_secretbox_ZEROBYTES + msg.length); 965 var c = new Uint8Array(m.length); 966 for (var i = 0; i < msg.length; i++) m[i+crypto_secretbox_ZEROBYTES] = msg[i]; 967 crypto_secretbox(c, m, m.length, nonce, key); 968 return c.subarray(crypto_secretbox_BOXZEROBYTES); 969}; 970 971nacl.secretbox.open = function(box, nonce, key) { 972 checkArrayTypes(box, nonce, key); 973 checkLengths(key, nonce); 974 var c = new Uint8Array(crypto_secretbox_BOXZEROBYTES + box.length); 975 var m = new Uint8Array(c.length); 976 for (var i = 0; i < box.length; i++) c[i+crypto_secretbox_BOXZEROBYTES] = box[i]; 977 if (c.length < 32) return false; 978 if (crypto_secretbox_open(m, c, c.length, nonce, key) !== 0) return false; 979 return m.subarray(crypto_secretbox_ZEROBYTES); 980}; 981 982nacl.secretbox.keyLength = crypto_secretbox_KEYBYTES; 983nacl.secretbox.nonceLength = crypto_secretbox_NONCEBYTES; 984nacl.secretbox.overheadLength = crypto_secretbox_BOXZEROBYTES; 985 986nacl.scalarMult = function(n, p) { 987 checkArrayTypes(n, p); 988 if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size'); 989 if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size'); 990 var q = new Uint8Array(crypto_scalarmult_BYTES); 991 crypto_scalarmult(q, n, p); 992 return q; 993}; 994 995nacl.scalarMult.base = function(n) { 996 checkArrayTypes(n); 997 if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size'); 998 var q = new Uint8Array(crypto_scalarmult_BYTES); 999 crypto_scalarmult_base(q, n); 1000 return q; 1001}; 1002 1003nacl.scalarMult.scalarLength = crypto_scalarmult_SCALARBYTES; 1004nacl.scalarMult.groupElementLength = crypto_scalarmult_BYTES; 1005 1006nacl.box = function(msg, nonce, publicKey, secretKey) { 1007 var k = nacl.box.before(publicKey, secretKey); 1008 return nacl.secretbox(msg, nonce, k); 1009}; 1010 1011nacl.box.before = function(publicKey, secretKey) { 1012 checkArrayTypes(publicKey, secretKey); 1013 checkBoxLengths(publicKey, secretKey); 1014 var k = new Uint8Array(crypto_box_BEFORENMBYTES); 1015 crypto_box_beforenm(k, publicKey, secretKey); 1016 return k; 1017}; 1018 1019nacl.box.after = nacl.secretbox; 1020 1021nacl.box.open = function(msg, nonce, publicKey, secretKey) { 1022 var k = nacl.box.before(publicKey, secretKey); 1023 return nacl.secretbox.open(msg, nonce, k); 1024}; 1025 1026nacl.box.open.after = nacl.secretbox.open; 1027 1028nacl.box.keyPair = function() { 1029 var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); 1030 var sk = new Uint8Array(crypto_box_SECRETKEYBYTES); 1031 crypto_box_keypair(pk, sk); 1032 return {publicKey: pk, secretKey: sk}; 1033}; 1034 1035nacl.box.keyPair.fromSecretKey = function(secretKey) { 1036 checkArrayTypes(secretKey); 1037 if (secretKey.length !== crypto_box_SECRETKEYBYTES) 1038 throw new Error('bad secret key size'); 1039 var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); 1040 crypto_scalarmult_base(pk, secretKey); 1041 return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; 1042}; 1043 1044nacl.box.publicKeyLength = crypto_box_PUBLICKEYBYTES; 1045nacl.box.secretKeyLength = crypto_box_SECRETKEYBYTES; 1046nacl.box.sharedKeyLength = crypto_box_BEFORENMBYTES; 1047nacl.box.nonceLength = crypto_box_NONCEBYTES; 1048nacl.box.overheadLength = nacl.secretbox.overheadLength; 1049 1050nacl.sign = function(msg, secretKey) { 1051 checkArrayTypes(msg, secretKey); 1052 if (secretKey.length !== crypto_sign_SECRETKEYBYTES) 1053 throw new Error('bad secret key size'); 1054 var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length); 1055 crypto_sign(signedMsg, msg, msg.length, secretKey); 1056 return signedMsg; 1057}; 1058 1059nacl.sign.open = function(signedMsg, publicKey) { 1060 if (arguments.length !== 2) 1061 throw new Error('nacl.sign.open accepts 2 arguments; did you mean to use nacl.sign.detached.verify?'); 1062 checkArrayTypes(signedMsg, publicKey); 1063 if (publicKey.length !== crypto_sign_PUBLICKEYBYTES) 1064 throw new Error('bad public key size'); 1065 var tmp = new Uint8Array(signedMsg.length); 1066 var mlen = crypto_sign_open(tmp, signedMsg, signedMsg.length, publicKey); 1067 if (mlen < 0) return null; 1068 var m = new Uint8Array(mlen); 1069 for (var i = 0; i < m.length; i++) m[i] = tmp[i]; 1070 return m; 1071}; 1072 1073nacl.sign.detached = function(msg, secretKey) { 1074 var signedMsg = nacl.sign(msg, secretKey); 1075 var sig = new Uint8Array(crypto_sign_BYTES); 1076 for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i]; 1077 return sig; 1078}; 1079 1080nacl.sign.detached.verify = function(msg, sig, publicKey) { 1081 checkArrayTypes(msg, sig, publicKey); 1082 if (sig.length !== crypto_sign_BYTES) 1083 throw new Error('bad signature size'); 1084 if (publicKey.length !== crypto_sign_PUBLICKEYBYTES) 1085 throw new Error('bad public key size'); 1086 var sm = new Uint8Array(crypto_sign_BYTES + msg.length); 1087 var m = new Uint8Array(crypto_sign_BYTES + msg.length); 1088 var i; 1089 for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i]; 1090 for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i]; 1091 return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0); 1092}; 1093 1094nacl.sign.keyPair = function() { 1095 var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); 1096 var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); 1097 crypto_sign_keypair(pk, sk); 1098 return {publicKey: pk, secretKey: sk}; 1099}; 1100 1101nacl.sign.keyPair.fromSecretKey = function(secretKey) { 1102 checkArrayTypes(secretKey); 1103 if (secretKey.length !== crypto_sign_SECRETKEYBYTES) 1104 throw new Error('bad secret key size'); 1105 var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); 1106 for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i]; 1107 return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; 1108}; 1109 1110nacl.sign.keyPair.fromSeed = function(seed) { 1111 checkArrayTypes(seed); 1112 if (seed.length !== crypto_sign_SEEDBYTES) 1113 throw new Error('bad seed size'); 1114 var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); 1115 var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); 1116 for (var i = 0; i < 32; i++) sk[i] = seed[i]; 1117 crypto_sign_keypair(pk, sk, true); 1118 return {publicKey: pk, secretKey: sk}; 1119}; 1120 1121nacl.sign.publicKeyLength = crypto_sign_PUBLICKEYBYTES; 1122nacl.sign.secretKeyLength = crypto_sign_SECRETKEYBYTES; 1123nacl.sign.seedLength = crypto_sign_SEEDBYTES; 1124nacl.sign.signatureLength = crypto_sign_BYTES; 1125 1126nacl.hash = function(msg) { 1127 checkArrayTypes(msg); 1128 var h = new Uint8Array(crypto_hash_BYTES); 1129 crypto_hash(h, msg, msg.length); 1130 return h; 1131}; 1132 1133nacl.hash.hashLength = crypto_hash_BYTES; 1134 1135nacl.verify = function(x, y) { 1136 checkArrayTypes(x, y); 1137 // Zero length arguments are considered not equal. 1138 if (x.length === 0 || y.length === 0) return false; 1139 if (x.length !== y.length) return false; 1140 return (vn(x, 0, y, 0, x.length) === 0) ? true : false; 1141}; 1142 1143nacl.setPRNG = function(fn) { 1144 randombytes = fn; 1145}; 1146 1147(function() { 1148 // Initialize PRNG if environment provides CSPRNG. 1149 // If not, methods calling randombytes will throw. 1150 var crypto = typeof self !== 'undefined' ? (self.crypto || self.msCrypto) : null; 1151 if (crypto && crypto.getRandomValues) { 1152 // Browsers. 1153 var QUOTA = 65536; 1154 nacl.setPRNG(function(x, n) { 1155 var i, v = new Uint8Array(n); 1156 for (i = 0; i < n; i += QUOTA) { 1157 crypto.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA))); 1158 } 1159 for (i = 0; i < n; i++) x[i] = v[i]; 1160 cleanup(v); 1161 }); 1162 } else if (typeof require !== 'undefined') { 1163 // Node.js. 1164 crypto = require('crypto'); 1165 if (crypto && crypto.randomBytes) { 1166 nacl.setPRNG(function(x, n) { 1167 var i, v = crypto.randomBytes(n); 1168 for (i = 0; i < n; i++) x[i] = v[i]; 1169 cleanup(v); 1170 }); 1171 } 1172 } 1173})(); 1174 1175})(typeof module !== 'undefined' && module.exports ? module.exports : (self.nacl = self.nacl || {})); 1176