sodium-javascript
Advanced tools
Comparing version 0.6.3 to 0.7.0
@@ -6,3 +6,9 @@ /* eslint-disable camelcase */ | ||
const { crypto_generichash_batch } = require('./crypto_generichash') | ||
const { crypto_secretbox_open_easy, crypto_secretbox_easy } = require('./crypto_secretbox') | ||
const { crypto_stream_xsalsa20_MESSAGEBYTES_MAX } = require('./crypto_stream') | ||
const { | ||
crypto_secretbox_open_easy, | ||
crypto_secretbox_easy, | ||
crypto_secretbox_detached, | ||
crypto_secretbox_open_detached | ||
} = require('./crypto_secretbox') | ||
const xsalsa20 = require('xsalsa20') | ||
@@ -19,4 +25,13 @@ const assert = require('nanoassert') | ||
const crypto_box_BEFORENMBYTES = 32 | ||
const crypto_box_MACBYTES = 16 | ||
const crypto_box_curve25519xsalsa20poly1305_MACBYTES = 16 | ||
const crypto_box_MESSAGEBYTES_MAX = | ||
crypto_stream_xsalsa20_MESSAGEBYTES_MAX - | ||
crypto_box_curve25519xsalsa20poly1305_MACBYTES | ||
module.exports = { | ||
crypto_box_easy, | ||
crypto_box_open_easy, | ||
crypto_box_keypair, | ||
@@ -33,3 +48,4 @@ crypto_box_seed_keypair, | ||
crypto_box_SEEDBYTES, | ||
crypto_box_BEFORENMBYTES | ||
crypto_box_BEFORENMBYTES, | ||
crypto_box_MACBYTES | ||
} | ||
@@ -43,3 +59,2 @@ | ||
} | ||
function crypto_box_seed_keypair (pk, sk, seed) { | ||
@@ -102,2 +117,83 @@ assert(pk.byteLength === crypto_box_PUBLICKEYBYTES, "pk should be 'crypto_box_PUBLICKEYBYTES' bytes") | ||
function crypto_box_beforenm (k, pk, sk) { | ||
const zero = new Uint8Array(16) | ||
const s = new Uint8Array(32) | ||
assert(crypto_scalarmult(s, sk, pk) === 0) | ||
xsalsa20.core_hsalsa20(k, zero, s, xsalsa20.SIGMA) | ||
return true | ||
} | ||
function crypto_box_detached_afternm (c, mac, m, n, k) { | ||
return crypto_secretbox_detached(c, mac, m, n, k) | ||
} | ||
function crypto_box_detached (c, mac, m, n, pk, sk) { | ||
check(mac, crypto_box_MACBYTES) | ||
check(n, crypto_box_NONCEBYTES) | ||
check(pk, crypto_box_PUBLICKEYBYTES) | ||
check(sk, crypto_box_SECRETKEYBYTES) | ||
const k = new Uint8Array(crypto_box_BEFORENMBYTES) | ||
assert(crypto_box_beforenm(k, pk, sk)) | ||
const ret = crypto_box_detached_afternm(c, mac, m, n, k) | ||
cleanup(k) | ||
return ret | ||
} | ||
function crypto_box_easy (c, m, n, pk, sk) { | ||
assert( | ||
c.length >= m.length + crypto_box_MACBYTES, | ||
"c should be at least 'm.length + crypto_box_MACBYTES' bytes" | ||
) | ||
assert( | ||
m.length <= crypto_box_MESSAGEBYTES_MAX, | ||
"m should be at most 'crypto_box_MESSAGEBYTES_MAX' bytes" | ||
) | ||
return crypto_box_detached( | ||
c.subarray(crypto_box_MACBYTES, m.length + crypto_box_MACBYTES), | ||
c.subarray(0, crypto_box_MACBYTES), | ||
m, | ||
n, | ||
pk, | ||
sk | ||
) | ||
} | ||
function crypto_box_open_detached_afternm (m, c, mac, n, k) { | ||
return crypto_secretbox_open_detached(m, c, mac, n, k) | ||
} | ||
function crypto_box_open_detached (m, c, mac, n, pk, sk) { | ||
const k = new Uint8Array(crypto_box_BEFORENMBYTES) | ||
assert(crypto_box_beforenm(k, pk, sk)) | ||
const ret = crypto_box_open_detached_afternm(m, c, mac, n, k) | ||
cleanup(k) | ||
return ret | ||
} | ||
function crypto_box_open_easy (m, c, n, pk, sk) { | ||
assert( | ||
c.length >= m.length + crypto_box_MACBYTES, | ||
"c should be at least 'm.length + crypto_box_MACBYTES' bytes" | ||
) | ||
return crypto_box_open_detached( | ||
m, | ||
c.subarray(crypto_box_MACBYTES, m.length + crypto_box_MACBYTES), | ||
c.subarray(0, crypto_box_MACBYTES), | ||
n, | ||
pk, | ||
sk | ||
) | ||
} | ||
function check (buf, len) { | ||
@@ -104,0 +200,0 @@ if (!buf || (len && buf.length < len)) throw new Error('Argument must be a buffer' + (len ? ' of length ' + len : '')) |
@@ -71,4 +71,4 @@ /* eslint-disable camelcase */ | ||
crypto_secretbox_easy(tmp, msg, n, k) | ||
o.set(tmp.subarray(0, msg.byteLength)) | ||
mac.set(tmp.subarray(msg.byteLength)) | ||
mac.set(tmp.subarray(0, mac.byteLength)) | ||
o.set(tmp.subarray(mac.byteLength)) | ||
return true | ||
@@ -84,4 +84,4 @@ } | ||
const tmp = new Uint8Array(o.byteLength + mac.byteLength) | ||
tmp.set(o) | ||
tmp.set(mac, msg.byteLength) | ||
tmp.set(mac) | ||
tmp.set(o, mac.byteLength) | ||
return crypto_secretbox_open_easy(msg, tmp, n, k) | ||
@@ -88,0 +88,0 @@ } |
@@ -11,8 +11,16 @@ /* eslint-disable camelcase, one-var */ | ||
const { randombytes } = require('./randombytes') | ||
const { crypto_scalarmult_BYTES } = require('./crypto_scalarmult.js') | ||
const { crypto_hash_sha512_BYTES } = require('./crypto_hash.js') | ||
const assert = require('nanoassert') | ||
const crypto_sign_BYTES = 64 | ||
const crypto_sign_PUBLICKEYBYTES = 32 | ||
const crypto_sign_SECRETKEYBYTES = 64 | ||
const crypto_sign_SEEDBYTES = 32 | ||
const crypto_sign_ed25519_PUBLICKEYBYTES = 32 | ||
const crypto_sign_ed25519_SECRETKEYBYTES = 64 | ||
const crypto_sign_ed25519_SEEDBYTES = 32 | ||
const crypto_sign_ed25519_BYTES = 64 | ||
const crypto_sign_BYTES = crypto_sign_ed25519_BYTES | ||
const crypto_sign_PUBLICKEYBYTES = crypto_sign_ed25519_PUBLICKEYBYTES | ||
const crypto_sign_SECRETKEYBYTES = crypto_sign_ed25519_SECRETKEYBYTES | ||
const crypto_sign_SEEDBYTES = crypto_sign_ed25519_SEEDBYTES | ||
module.exports = { | ||
@@ -28,3 +36,11 @@ crypto_sign_keypair, | ||
crypto_sign_SECRETKEYBYTES, | ||
crypto_sign_SEEDBYTES | ||
crypto_sign_SEEDBYTES, | ||
crypto_sign_ed25519_PUBLICKEYBYTES, | ||
crypto_sign_ed25519_SECRETKEYBYTES, | ||
crypto_sign_ed25519_SEEDBYTES, | ||
crypto_sign_ed25519_BYTES, | ||
crypto_sign_ed25519_pk_to_curve25519, | ||
crypto_sign_ed25519_sk_to_curve25519, | ||
unpackneg, | ||
pack | ||
} | ||
@@ -90,2 +106,4 @@ | ||
function scalarmult (p, q, s) { | ||
// don't mutate q | ||
var h = [gf(q[0]), gf(q[1]), gf(q[2]), gf(q[3])] | ||
var b, i | ||
@@ -98,6 +116,6 @@ set25519(p[0], gf0) | ||
b = (s[(i / 8) | 0] >> (i & 7)) & 1 | ||
cswap(p, q, b) | ||
add(q, p) | ||
cswap(p, h, b) | ||
add(h, p) | ||
add(p, p) | ||
cswap(p, q, b) | ||
cswap(p, h, b) | ||
} | ||
@@ -133,3 +151,2 @@ } | ||
for (i = 0; i < 32; i++) sk[i + 32] = pk[i] | ||
return 0 | ||
} | ||
@@ -224,2 +241,20 @@ | ||
function is_zero25519 (f) { | ||
var s = new Uint8Array(32) | ||
pack25519(s, f) | ||
return sodium_is_zero(s, 32) | ||
function sodium_is_zero (n) { | ||
let i | ||
let d = 0 | ||
for (let i = 0; i < n.length; i++) { | ||
d |= n[i] | ||
} | ||
return 1 & ((d - 1) >> 8) | ||
} | ||
} | ||
function unpackneg (r, p) { | ||
@@ -257,3 +292,5 @@ var t = gf(), chk = gf(), num = gf(), | ||
if (par25519(r[0]) === (p[31] >> 7)) Z(r[0], gf0, r[0]) | ||
if (par25519(r[0]) === (p[31] >> 7)) { | ||
Z(r[0], gf(), r[0]) | ||
} | ||
@@ -327,4 +364,132 @@ M(r[3], r[0], r[1]) | ||
function check (buf, len) { | ||
if (!buf || (len && buf.length < len)) throw new Error('Argument must be a buffer' + (len ? ' of length ' + len : '')) | ||
function ed25519_mul_l (p, q) { | ||
scalarmult(p, q, L) | ||
} | ||
function ed25519_is_on_main_subgroup (p) { | ||
var pl = [gf(), gf(), gf(), gf()] | ||
ed25519_mul_l(pl, p) | ||
var zero = 0 | ||
for (let i = 0; i < 16; i++) { | ||
zero |= (pl[0][i] & 0xffff) | ||
} | ||
return zero === 0 | ||
} | ||
function crypto_sign_ed25519_pk_to_curve25519 (x25519_pk, ed25519_pk) { | ||
check(x25519_pk, crypto_sign_PUBLICKEYBYTES) | ||
check(ed25519_pk, crypto_sign_ed25519_PUBLICKEYBYTES) | ||
var a = [gf(), gf(), gf(), gf()] | ||
var x = gf([1]) | ||
var one_minus_y = gf([1]) | ||
assert( | ||
isSmallOrder(ed25519_pk) && | ||
unpackneg(a, ed25519_pk) && | ||
ed25519_is_on_main_subgroup(a), 'Cannot convert key: bad point') | ||
for (let i = 0; i < a.length; i++) { | ||
pack25519(x25519_pk, a[i]); | ||
} | ||
Z(one_minus_y, one_minus_y, a[1]) | ||
A(x, x, a[1]) | ||
inv25519(one_minus_y, one_minus_y) | ||
M(x, x, one_minus_y) | ||
pack25519(x25519_pk, x) | ||
return 0 | ||
} | ||
function isSmallOrder (s) { | ||
Uint8Array.from([]) | ||
var bad_points = [ | ||
// 0 (order 4) | ||
Uint8Array.from([0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]), | ||
// 1 (order 1) | ||
Uint8Array.from([0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]), | ||
// 2707385501144840649318225287225658788936804267575313519463743609750303402022(order 8) | ||
Uint8Array.from([0x26, 0xe8, 0x95, 0x8f, 0xc2, 0xb2, 0x27, 0xb0, 0x45, 0xc3, | ||
0xf4, 0x89, 0xf2, 0xef, 0x98, 0xf0, 0xd5, 0xdf, 0xac, 0x05, 0xd3, | ||
0xc6, 0x33, 0x39, 0xb1, 0x38, 0x02, 0x88, 0x6d, 0x53, 0xfc, 0x05]), | ||
// 55188659117513257062467267217118295137698188065244968500265048394206261417927 (order 8) | ||
Uint8Array.from([0xc7, 0x17, 0x6a, 0x70, 0x3d, 0x4d, 0xd8, 0x4f, 0xba, 0x3c, | ||
0x0b, 0x76, 0x0d, 0x10, 0x67, 0x0f, 0x2a, 0x20, 0x53, 0xfa, 0x2c, | ||
0x39, 0xcc, 0xc6, 0x4e, 0xc7, 0xfd, 0x77, 0x92, 0xac, 0x03, 0x7a]), | ||
// p-1 (order 2) | ||
Uint8Array.from([0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | ||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | ||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f]), | ||
// p (=0 order 4) | ||
Uint8Array.from([0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | ||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | ||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f]), | ||
// p + 1 (=1 order 1) | ||
Uint8Array.from([0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | ||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | ||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f]) | ||
] | ||
var c = new Uint8Array(7) | ||
var j | ||
check (bad_points, 7) | ||
for (let i = 0; i < bad_points.length; i++) { | ||
for (j = 0; j < 31; j++) { | ||
c[i] |= s[j] ^ bad_points[i][j] | ||
} | ||
} | ||
for (let i = 0; i < bad_points.length; i++) { | ||
c[i] |= (s[j] & 0x7f) ^ bad_points[i][j] | ||
} | ||
var k = 0 | ||
for (let i = 0; i < bad_points.length; i++) { | ||
k |= (c[i] - 1) | ||
} | ||
return ((k >> 8) & 1) === 0 | ||
} | ||
function crypto_sign_ed25519_sk_to_pk (pk, sk) { | ||
check(pk, crypto_sign_ed25519_PUBLICKEYBYTES) | ||
pk.set(sk.subarray(crypto_sign_ed25519_SEEDBYTES)) | ||
return pk | ||
} | ||
function crypto_sign_ed25519_sk_to_curve25519 (curveSk, edSk) { | ||
assert(curveSk && curveSk.byteLength === crypto_scalarmult_BYTES, "curveSk must be 'crypto_sign_SECRETKEYBYTES' long") | ||
assert(edSk && edSk.byteLength === crypto_sign_ed25519_SECRETKEYBYTES, "edSk must be 'crypto_sign_ed25519_SECRETKEYBYTES' long") | ||
var h = Buffer.alloc(crypto_hash_sha512_BYTES); | ||
crypto_hash(h, edSk, 32) | ||
h[0] &= 248; | ||
h[31] &= 127; | ||
h[31] |= 64; | ||
curveSk.set(h.subarray(0, crypto_scalarmult_BYTES)) | ||
h.fill(0) | ||
return curveSk | ||
} | ||
function check (buf, len, arg = 'Argument') { | ||
if (!buf || (len && buf.length < len)) throw new Error(arg + ' must be a buffer' + (len ? ' of length ' + len : '')) | ||
} |
@@ -9,2 +9,3 @@ /* eslint-disable camelcase */ | ||
exports.crypto_stream_PRIMITIVE = 'xsalsa20' | ||
exports.crypto_stream_xsalsa20_MESSAGEBYTES_MAX = Number.MAX_SAFE_INTEGER | ||
@@ -11,0 +12,0 @@ exports.crypto_stream = function (c, nonce, key) { |
@@ -15,2 +15,3 @@ 'use strict' | ||
forward(require('./crypto_verify')) | ||
forward(require('./crypto_auth')) | ||
forward(require('./crypto_box')) | ||
@@ -17,0 +18,0 @@ forward(require('./crypto_generichash')) |
{ | ||
"name": "sodium-javascript", | ||
"version": "0.6.3", | ||
"version": "0.7.0", | ||
"description": "WIP - a pure javascript version of sodium-native", | ||
@@ -10,4 +10,4 @@ "main": "index.js", | ||
"nanoassert": "^2.0.0", | ||
"sha256-universal": "^1.0.1", | ||
"sha512-universal": "^1.0.1", | ||
"sha256-universal": "^1.1.0", | ||
"sha512-universal": "^1.1.0", | ||
"siphash24": "^1.0.1", | ||
@@ -18,3 +18,3 @@ "xsalsa20": "^1.0.0" | ||
"browserify": "^16.5.1", | ||
"sodium-test": "^0.9.0", | ||
"sodium-test": "^0.10.0", | ||
"standard": "^14.3.4", | ||
@@ -21,0 +21,0 @@ "tape-run": "^7.0.0" |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
72123
27
2061
0
Updatedsha256-universal@^1.1.0
Updatedsha512-universal@^1.1.0