static crypto_sign_PRIVATEKEYBYTES: 32 = 32\r
static crypto_sign_SEEDBYTES: 32 = 32\r
\r
- static gf = function (init?: number[]): Float64Array {\r
+ static gf (init: number[] = []): Float64Array {\r
const r = new Float64Array(16)\r
- if (init) for (let i = 0; i < init.length; i++) {\r
- r[i] = init[i]\r
- }\r
+ r.set(init)\r
return r\r
}\r
\r
- static gf0: Float64Array = this.gf()\r
- static gf1: Float64Array = this.gf([1])\r
static D: Float64Array = this.gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203])\r
static D2: Float64Array = this.gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406])\r
static X: Float64Array = this.gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169])\r
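Review bot: `gf` has no comment stating its contract, and that contract changes in this hunk: `r.set(init)` throws a RangeError when `init` holds more than 16 entries, where the removed loop silently dropped the extra writes. A doc comment would cover it, e.g. `/** Returns a fresh 16-limb field element, zero-padded from init; throws RangeError if init has more than 16 entries. */`. The constants `D`, `D2` and `X` kept below are still shared mutable `Float64Array`s, so a line such as `// Shared constants: pass only as source operands, never as an output` would help keep them from being overwritten by accident.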
}\r
\r
// Note: difference from TweetNaCl - BLAKE2b used to hash instead of SHA-512.\r
- static crypto_hash (out: Uint8Array, m: Uint8Array, n: number): number {\r
- const input = new Uint8Array(n)\r
- for (let i = 0; i < n; ++i) {\r
- input[i] = m[i]\r
- }\r
+ static crypto_hash (out: Uint8Array, m: Uint8Array): number {\r
const hash = new Blake2b(64).update(m).digest()\r
for (let i = 0; i < 64; ++i) {\r
out[i] = hash[i]\r
}\r
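Review bot: `crypto_hash` now digests every byte of `m`, but the only comment above it concerns TweetNaCl and says nothing about length, so a caller holding a buffer larger than the message gets a digest over the trailing bytes with no warning. I would add `// Hashes all of m; pass an exact-length view (m.subarray(0, n)) when the buffer is larger than the message.` above the signature. The copy loop also assumes `out` has at least 64 bytes, which is worth stating in the same comment. The function's return statement lies outside this hunk.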
\r
static scalarmult (p: Float64Array[], q: Float64Array[], s: Uint8Array): void {\r
- this.set25519(p[0], this.gf0)\r
- this.set25519(p[1], this.gf1)\r
- this.set25519(p[2], this.gf1)\r
- this.set25519(p[3], this.gf0)\r
+ this.set25519(p[0], this.gf())\r
+ this.set25519(p[1], this.gf([1]))\r
+ this.set25519(p[2], this.gf([1]))\r
+ this.set25519(p[3], this.gf())\r
for (let i = 255; i >= 0; --i) {\r
const b = (s[(i / 8) | 0] >> (i & 7)) & 1\r
this.cswap(p, q, b)\r
const q: Float64Array[] = [this.gf(), this.gf(), this.gf(), this.gf()]\r
this.set25519(q[0], this.X)\r
this.set25519(q[1], this.Y)\r
- this.set25519(q[2], this.gf1)\r
+ this.set25519(q[2], this.gf([1]))\r
this.M(q[3], this.X, this.Y)\r
this.scalarmult(p, q, s)\r
}\r
\r
// Note: difference from C - smlen returned, not passed as argument.\r
static crypto_sign (sm: Uint8Array, m: Uint8Array, n: number, sk: Uint8Array, pk: Uint8Array): number {\r
- const d = new Uint8Array(64)\r
- const h = new Uint8Array(64)\r
- const r = new Uint8Array(64)\r
const x = new Float64Array(64)\r
const p: Float64Array[] = [this.gf(), this.gf(), this.gf(), this.gf()]\r
\r
- this.crypto_hash(d, sk, 32)\r
+ const d = new Blake2b(64).update(sk).digest()\r
d[0] &= 248\r
d[31] &= 127\r
d[31] |= 64\r
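Review bot: The inlined `new Blake2b(64).update(sk).digest()` hashes all of `sk`, whereas the removed call hashed exactly its first 32 bytes, so a key buffer longer than `crypto_sign_PRIVATEKEYBYTES` now yields a different signing scalar without any error. The same loss of the explicit length affects the later replacements in this function and in `crypto_sign_open`: `update(sm.subarray(32))`, `update(sm)` and `update(m)` cover whatever the buffer holds rather than `n + 32`, `n + 64` and `n` bytes, so signing and verification match the old behaviour only when callers size `sm` and `m` exactly. Keeping the bound restores the previous contract: `update(sk.subarray(0, 32))`, `update(sm.subarray(32, n + 64))`, `update(m.subarray(0, n))`. Whether any caller passes a larger buffer is not visible here; `crypto_sign` continues outside this hunk.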
sm[32 + i] = d[32 + i]\r
}\r
\r
- this.crypto_hash(r, sm.subarray(32), n + 32)\r
+ const r = new Blake2b(64).update(sm.subarray(32)).digest()\r
this.reduce(r)\r
this.scalarbase(p, r)\r
this.pack(sm, p)\r
for (let i = 0; i < 32; i++) {\r
sm[i + 32] = pk[i]\r
}\r
- this.crypto_hash(h, sm, n + 64)\r
+ const h = new Blake2b(64).update(sm).digest()\r
this.reduce(h)\r
\r
for (let i = 0; i < 64; i++) {\r
const den4: Float64Array = this.gf()\r
const den6: Float64Array = this.gf()\r
\r
- this.set25519(r[2], this.gf1)\r
+ this.set25519(r[2], this.gf([1]))\r
this.unpack25519(r[1], p)\r
this.S(num, r[1])\r
this.M(den, num, this.D)\r
\r
if (this.neq25519(chk, num)) return -1\r
\r
- if (this.par25519(r[0]) === (p[31] >> 7)) this.Z(r[0], this.gf0, r[0])\r
+ if (this.par25519(r[0]) === (p[31] >> 7)) this.Z(r[0], this.gf(), r[0])\r
this.M(r[3], r[0], r[1])\r
return 0\r
}\r
\r
static crypto_sign_open (m: Uint8Array, sm: Uint8Array, n: number, pk: Uint8Array): number {\r
const t = new Uint8Array(32)\r
- const h = new Uint8Array(64)\r
const p: Float64Array[] = [this.gf(), this.gf(), this.gf(), this.gf()]\r
const q: Float64Array[] = [this.gf(), this.gf(), this.gf(), this.gf()]\r
\r
for (let i = 0; i < 32; i++) {\r
m[i + 32] = pk[i]\r
}\r
- this.crypto_hash(h, m, n)\r
+ const h = new Blake2b(64).update(m).digest()\r
this.reduce(h)\r
this.scalarmult(p, q, h)\r
\r
const pk = new Uint8Array(this.crypto_sign_PUBLICKEYBYTES)\r
const p: Float64Array[] = [this.gf(), this.gf(), this.gf(), this.gf()]\r
\r
- const hash = new Uint8Array(64)\r
- this.crypto_hash(hash, s, 64)\r
+ const hash = new Blake2b(64).update(s).digest()\r
hash[0] &= 248\r
hash[31] &= 127\r
hash[31] |= 64\r
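Review bot: The removed call hashed exactly 64 bytes of `s`, zero-filling past the end of a shorter array, while `update(s)` hashes `s.length` bytes; if `s` is a 32-byte seed (`crypto_sign_SEEDBYTES`), the derived scalar and therefore the public key would differ from what earlier versions produced. The expected length of `s` is not visible in this hunk, so this needs checking against the function's signature and a known-answer test for key derivation. An explicit guard before hashing, e.g. `if (s.length !== EXPECTED_LEN) throw new RangeError('unexpected secret length')` with the real constant substituted for the placeholder, would make the dependency on input length visible. The enclosing function starts and ends outside this hunk.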