Skip to content

Instantly share code, notes, and snippets.

@daviddahl

daviddahl/nsINaCl.diff

Created March 7, 2013 03:17
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save daviddahl/5105336 to your computer and use it in GitHub Desktop.
Save daviddahl/5105336 to your computer and use it in GitHub Desktop.
Download ZIP
NaCl in Gecko: Brian Warner and David Dahl
Raw
nsINaCl.diff
diff --git a/security/manager/ssl/public/Makefile.in b/security/manager/ssl/public/Makefile.in
index 07eedf7..4269d53 100644
--- a/security/manager/ssl/public/Makefile.in
+++ b/security/manager/ssl/public/Makefile.in
@@ -102,6 +102,7 @@ XPIDLSRCS = \
nsIKeyModule.idl \
nsIProtectedAuthThread.idl \
nsIDataSignatureVerifier.idl \
+ nsINACL.idl \
$(NULL)
ifdef MOZ_XUL
diff --git a/security/manager/ssl/public/nsINACL.idl b/security/manager/ssl/public/nsINACL.idl
new file mode 100644
index 0000000..7ba713d
--- /dev/null
+++ b/security/manager/ssl/public/nsINACL.idl
@@ -0,0 +1,27 @@
+
+//{0x77fc331b, 0x786c, 0x43b8, {0xb6, 0x06, 0xc5, 0x4d, 0xc0, 0x74, 0xaa, 0x09}}
+
+#include "nsISupports.idl"
+
+[scriptable, uuid(39829fff-585f-4e71-8717-a7e8c8a6bc08)]
+interface nsINACL : nsISupports
+{
+ readonly attribute string version; // 7-bit ASCII
+ readonly attribute ACString version2; // 8-bit
+ readonly attribute AUTF8String version3; // UTF-8
+ AUTF8String hello_world(in AUTF8String world);
+ [implicit_jscontext] jsval accept_array(in jsval input);
+
+ [implicit_jscontext] ACString arrayToB64(in jsval array);
+ [implicit_jscontext] jsval b64ToArray(in ACString b64);
+
+ /* [implicit_jscontext]
+ AUTF8String arrayOfUTF8ToString(in jsval array); */
+ [implicit_jscontext] jsval stringToArrayOfUTF8(in AString s);
+
+ [implicit_jscontext] jsval hash_sha256(in jsval msg);
+ [implicit_jscontext] jsval box(in jsval msg, in jsval nonce,
+ in jsval pk, in jsval sk);
+ [implicit_jscontext] jsval box_open(in jsval msg, in jsval nonce,
+ in jsval pk, in jsval sk);
+};
diff --git a/security/manager/ssl/src/Makefile.in b/security/manager/ssl/src/Makefile.in
index 5499dfb..bc2d739 100644
--- a/security/manager/ssl/src/Makefile.in
+++ b/security/manager/ssl/src/Makefile.in
@@ -101,6 +101,7 @@ CPPSRCS = \
nsIdentityChecking.cpp \
nsDataSignatureVerifier.cpp \
nsRandomGenerator.cpp \
+ nsNACL.cpp \
NSSErrorsService.cpp \
nsNSSCertificateFakeTransport.cpp \
PSMRunnable.cpp \
@@ -112,6 +113,24 @@ CPPSRCS += nsCertTree.cpp
endif
CSRCS += md4.c
+CSRCS += \
+ crypto_box_after.c \
+ crypto_box_before.c \
+ crypto_box_box.c \
+ crypto_core_hsalsa20_core.c \
+ crypto_core_salsa20_core.c \
+ crypto_hash_sha256_hash.c \
+ crypto_hashblocks_sha256_blocks.c \
+ crypto_onetimeauth_poly1305_auth.c \
+ crypto_onetimeauth_poly1305_verify.c \
+ crypto_scalarmult_curve25519_base.c \
+ crypto_scalarmult_curve25519_smult.c \
+ crypto_secretbox_xsalsa20poly1305_box.c \
+ crypto_stream_salsa20_stream.c \
+ crypto_stream_salsa20_xor.c \
+ crypto_stream_xsalsa20_stream.c \
+ crypto_stream_xsalsa20_xor.c \
+ crypto_verify_16_verify.c
EXTRA_DEPS = $(NSS_DEP_LIBS)
@@ -127,4 +146,3 @@ DEFINES += \
LOCAL_INCLUDES += $(NSS_CFLAGS)
include $(topsrcdir)/config/rules.mk
-
diff --git a/security/manager/ssl/src/crypto_box.h b/security/manager/ssl/src/crypto_box.h
new file mode 100644
index 0000000..a6f1c4f
--- /dev/null
+++ b/security/manager/ssl/src/crypto_box.h
@@ -0,0 +1,22 @@
+#ifndef crypto_box_H
+#define crypto_box_H
+
+#include "crypto_box_curve25519xsalsa20poly1305.h"
+
+#define crypto_box crypto_box_curve25519xsalsa20poly1305
+#define crypto_box_open crypto_box_curve25519xsalsa20poly1305_open
+#define crypto_box_keypair crypto_box_curve25519xsalsa20poly1305_keypair
+#define crypto_box_beforenm crypto_box_curve25519xsalsa20poly1305_beforenm
+#define crypto_box_afternm crypto_box_curve25519xsalsa20poly1305_afternm
+#define crypto_box_open_afternm crypto_box_curve25519xsalsa20poly1305_open_afternm
+#define crypto_box_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES
+#define crypto_box_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES
+#define crypto_box_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES
+#define crypto_box_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_NONCEBYTES
+#define crypto_box_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_ZEROBYTES
+#define crypto_box_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES
+#define crypto_box_PRIMITIVE "curve25519xsalsa20poly1305"
+#define crypto_box_IMPLEMENTATION crypto_box_curve25519xsalsa20poly1305_IMPLEMENTATION
+#define crypto_box_VERSION crypto_box_curve25519xsalsa20poly1305_VERSION
+
+#endif
diff --git a/security/manager/ssl/src/crypto_box_after.c b/security/manager/ssl/src/crypto_box_after.c
new file mode 100644
index 0000000..a4cffa1
--- /dev/null
+++ b/security/manager/ssl/src/crypto_box_after.c
@@ -0,0 +1,22 @@
+#include "crypto_secretbox_xsalsa20poly1305.h"
+#include "crypto_box_curve25519xsalsa20poly1305.h"
+
+int crypto_box_curve25519xsalsa20poly1305_afternm(
+ unsigned char *c,
+ const unsigned char *m,unsigned long long mlen,
+ const unsigned char *n,
+ const unsigned char *k
+)
+{
+ return crypto_secretbox_xsalsa20poly1305(c,m,mlen,n,k);
+}
+
+int crypto_box_curve25519xsalsa20poly1305_open_afternm(
+ unsigned char *m,
+ const unsigned char *c,unsigned long long clen,
+ const unsigned char *n,
+ const unsigned char *k
+)
+{
+ return crypto_secretbox_xsalsa20poly1305_open(m,c,clen,n,k);
+}
diff --git a/security/manager/ssl/src/crypto_box_before.c b/security/manager/ssl/src/crypto_box_before.c
new file mode 100644
index 0000000..7660e73
--- /dev/null
+++ b/security/manager/ssl/src/crypto_box_before.c
@@ -0,0 +1,17 @@
+#include "crypto_core_hsalsa20.h"
+#include "crypto_scalarmult_curve25519.h"
+#include "crypto_box_curve25519xsalsa20poly1305.h"
+
+static const unsigned char sigma[16] = "expand 32-byte k";
+static const unsigned char n[16] = {0};
+
+int crypto_box_curve25519xsalsa20poly1305_beforenm(
+ unsigned char *k,
+ const unsigned char *pk,
+ const unsigned char *sk
+)
+{
+ unsigned char s[32];
+ crypto_scalarmult_curve25519(s,sk,pk);
+ return crypto_core_hsalsa20(k,n,s,sigma);
+}
diff --git a/security/manager/ssl/src/crypto_box_box.c b/security/manager/ssl/src/crypto_box_box.c
new file mode 100644
index 0000000..be106a1
--- /dev/null
+++ b/security/manager/ssl/src/crypto_box_box.c
@@ -0,0 +1,27 @@
+#include "crypto_box_curve25519xsalsa20poly1305.h"
+
+int crypto_box_curve25519xsalsa20poly1305(
+ unsigned char *c,
+ const unsigned char *m,unsigned long long mlen,
+ const unsigned char *n,
+ const unsigned char *pk,
+ const unsigned char *sk
+)
+{
+ unsigned char k[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES];
+ crypto_box_curve25519xsalsa20poly1305_beforenm(k,pk,sk);
+ return crypto_box_curve25519xsalsa20poly1305_afternm(c,m,mlen,n,k);
+}
+
+int crypto_box_curve25519xsalsa20poly1305_open(
+ unsigned char *m,
+ const unsigned char *c,unsigned long long clen,
+ const unsigned char *n,
+ const unsigned char *pk,
+ const unsigned char *sk
+)
+{
+ unsigned char k[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES];
+ crypto_box_curve25519xsalsa20poly1305_beforenm(k,pk,sk);
+ return crypto_box_curve25519xsalsa20poly1305_open_afternm(m,c,clen,n,k);
+}
diff --git a/security/manager/ssl/src/crypto_box_curve25519xsalsa20poly1305.h b/security/manager/ssl/src/crypto_box_curve25519xsalsa20poly1305.h
new file mode 100644
index 0000000..5f4e209
--- /dev/null
+++ b/security/manager/ssl/src/crypto_box_curve25519xsalsa20poly1305.h
@@ -0,0 +1,19 @@
+#ifndef crypto_box_curve25519xsalsa20poly1305_H
+#define crypto_box_curve25519xsalsa20poly1305_H
+
+#define crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES 32
+#define crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES 32
+#define crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES 32
+#define crypto_box_curve25519xsalsa20poly1305_NONCEBYTES 24
+#define crypto_box_curve25519xsalsa20poly1305_ZEROBYTES 32
+#define crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES 16
+extern int crypto_box_curve25519xsalsa20poly1305(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_box_curve25519xsalsa20poly1305_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_box_curve25519xsalsa20poly1305_keypair(unsigned char *,unsigned char *);
+extern int crypto_box_curve25519xsalsa20poly1305_beforenm(unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_box_curve25519xsalsa20poly1305_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_box_curve25519xsalsa20poly1305_open_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+#define crypto_box_curve25519xsalsa20poly1305_IMPLEMENTATION "crypto_box/curve25519xsalsa20poly1305/ref"
+#define crypto_box_curve25519xsalsa20poly1305_VERSION "-"
+
+#endif
diff --git a/security/manager/ssl/src/crypto_core_hsalsa20.h b/security/manager/ssl/src/crypto_core_hsalsa20.h
new file mode 100644
index 0000000..46e5439
--- /dev/null
+++ b/security/manager/ssl/src/crypto_core_hsalsa20.h
@@ -0,0 +1,12 @@
+#ifndef crypto_core_hsalsa20_H
+#define crypto_core_hsalsa20_H
+
+#define crypto_core_hsalsa20_OUTPUTBYTES 32
+#define crypto_core_hsalsa20_INPUTBYTES 16
+#define crypto_core_hsalsa20_KEYBYTES 32
+#define crypto_core_hsalsa20_CONSTBYTES 16
+extern int crypto_core_hsalsa20(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
+#define crypto_core_hsalsa20_IMPLEMENTATION "crypto_core/hsalsa20/ref"
+#define crypto_core_hsalsa20_VERSION "-"
+
+#endif
diff --git a/security/manager/ssl/src/crypto_core_hsalsa20_core.c b/security/manager/ssl/src/crypto_core_hsalsa20_core.c
new file mode 100644
index 0000000..b085a30
--- /dev/null
+++ b/security/manager/ssl/src/crypto_core_hsalsa20_core.c
@@ -0,0 +1,135 @@
+/*
+version 20080912
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_core_hsalsa20.h"
+
+#define ROUNDS 20
+
+typedef unsigned int uint32;
+
+static uint32 rotate(uint32 u,int c)
+{
+ return (u << c) | (u >> (32 - c));
+}
+
+static uint32 load_littleendian(const unsigned char *x)
+{
+ return
+ (uint32) (x[0]) \
+ | (((uint32) (x[1])) << 8) \
+ | (((uint32) (x[2])) << 16) \
+ | (((uint32) (x[3])) << 24)
+ ;
+}
+
+static void store_littleendian(unsigned char *x,uint32 u)
+{
+ x[0] = u; u >>= 8;
+ x[1] = u; u >>= 8;
+ x[2] = u; u >>= 8;
+ x[3] = u;
+}
+
+int crypto_core_hsalsa20(
+ unsigned char *out,
+ const unsigned char *in,
+ const unsigned char *k,
+ const unsigned char *c
+)
+{
+ uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
+ uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
+ int i;
+
+ j0 = x0 = load_littleendian(c + 0);
+ j1 = x1 = load_littleendian(k + 0);
+ j2 = x2 = load_littleendian(k + 4);
+ j3 = x3 = load_littleendian(k + 8);
+ j4 = x4 = load_littleendian(k + 12);
+ j5 = x5 = load_littleendian(c + 4);
+ j6 = x6 = load_littleendian(in + 0);
+ j7 = x7 = load_littleendian(in + 4);
+ j8 = x8 = load_littleendian(in + 8);
+ j9 = x9 = load_littleendian(in + 12);
+ j10 = x10 = load_littleendian(c + 8);
+ j11 = x11 = load_littleendian(k + 16);
+ j12 = x12 = load_littleendian(k + 20);
+ j13 = x13 = load_littleendian(k + 24);
+ j14 = x14 = load_littleendian(k + 28);
+ j15 = x15 = load_littleendian(c + 12);
+
+ for (i = ROUNDS;i > 0;i -= 2) {
+ x4 ^= rotate( x0+x12, 7);
+ x8 ^= rotate( x4+ x0, 9);
+ x12 ^= rotate( x8+ x4,13);
+ x0 ^= rotate(x12+ x8,18);
+ x9 ^= rotate( x5+ x1, 7);
+ x13 ^= rotate( x9+ x5, 9);
+ x1 ^= rotate(x13+ x9,13);
+ x5 ^= rotate( x1+x13,18);
+ x14 ^= rotate(x10+ x6, 7);
+ x2 ^= rotate(x14+x10, 9);
+ x6 ^= rotate( x2+x14,13);
+ x10 ^= rotate( x6+ x2,18);
+ x3 ^= rotate(x15+x11, 7);
+ x7 ^= rotate( x3+x15, 9);
+ x11 ^= rotate( x7+ x3,13);
+ x15 ^= rotate(x11+ x7,18);
+ x1 ^= rotate( x0+ x3, 7);
+ x2 ^= rotate( x1+ x0, 9);
+ x3 ^= rotate( x2+ x1,13);
+ x0 ^= rotate( x3+ x2,18);
+ x6 ^= rotate( x5+ x4, 7);
+ x7 ^= rotate( x6+ x5, 9);
+ x4 ^= rotate( x7+ x6,13);
+ x5 ^= rotate( x4+ x7,18);
+ x11 ^= rotate(x10+ x9, 7);
+ x8 ^= rotate(x11+x10, 9);
+ x9 ^= rotate( x8+x11,13);
+ x10 ^= rotate( x9+ x8,18);
+ x12 ^= rotate(x15+x14, 7);
+ x13 ^= rotate(x12+x15, 9);
+ x14 ^= rotate(x13+x12,13);
+ x15 ^= rotate(x14+x13,18);
+ }
+
+ x0 += j0;
+ x1 += j1;
+ x2 += j2;
+ x3 += j3;
+ x4 += j4;
+ x5 += j5;
+ x6 += j6;
+ x7 += j7;
+ x8 += j8;
+ x9 += j9;
+ x10 += j10;
+ x11 += j11;
+ x12 += j12;
+ x13 += j13;
+ x14 += j14;
+ x15 += j15;
+
+ x0 -= load_littleendian(c + 0);
+ x5 -= load_littleendian(c + 4);
+ x10 -= load_littleendian(c + 8);
+ x15 -= load_littleendian(c + 12);
+ x6 -= load_littleendian(in + 0);
+ x7 -= load_littleendian(in + 4);
+ x8 -= load_littleendian(in + 8);
+ x9 -= load_littleendian(in + 12);
+
+ store_littleendian(out + 0,x0);
+ store_littleendian(out + 4,x5);
+ store_littleendian(out + 8,x10);
+ store_littleendian(out + 12,x15);
+ store_littleendian(out + 16,x6);
+ store_littleendian(out + 20,x7);
+ store_littleendian(out + 24,x8);
+ store_littleendian(out + 28,x9);
+
+ return 0;
+}
diff --git a/security/manager/ssl/src/crypto_core_salsa20.h b/security/manager/ssl/src/crypto_core_salsa20.h
new file mode 100644
index 0000000..5f634a1
--- /dev/null
+++ b/security/manager/ssl/src/crypto_core_salsa20.h
@@ -0,0 +1,12 @@
+#ifndef crypto_core_salsa20_H
+#define crypto_core_salsa20_H
+
+#define crypto_core_salsa20_OUTPUTBYTES 64
+#define crypto_core_salsa20_INPUTBYTES 16
+#define crypto_core_salsa20_KEYBYTES 32
+#define crypto_core_salsa20_CONSTBYTES 16
+extern int crypto_core_salsa20(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
+#define crypto_core_salsa20_IMPLEMENTATION "crypto_core/salsa20/ref"
+#define crypto_core_salsa20_VERSION "-"
+
+#endif
diff --git a/security/manager/ssl/src/crypto_core_salsa2012.h b/security/manager/ssl/src/crypto_core_salsa2012.h
new file mode 100644
index 0000000..92d8308
--- /dev/null
+++ b/security/manager/ssl/src/crypto_core_salsa2012.h
@@ -0,0 +1,12 @@
+#ifndef crypto_core_salsa2012_H
+#define crypto_core_salsa2012_H
+
+#define crypto_core_salsa2012_OUTPUTBYTES 64
+#define crypto_core_salsa2012_INPUTBYTES 16
+#define crypto_core_salsa2012_KEYBYTES 32
+#define crypto_core_salsa2012_CONSTBYTES 16
+extern int crypto_core_salsa2012(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
+#define crypto_core_salsa2012_IMPLEMENTATION "crypto_core/salsa2012/ref"
+#define crypto_core_salsa2012_VERSION "-"
+
+#endif
diff --git a/security/manager/ssl/src/crypto_core_salsa208.h b/security/manager/ssl/src/crypto_core_salsa208.h
new file mode 100644
index 0000000..ac6546c
--- /dev/null
+++ b/security/manager/ssl/src/crypto_core_salsa208.h
@@ -0,0 +1,12 @@
+#ifndef crypto_core_salsa208_H
+#define crypto_core_salsa208_H
+
+#define crypto_core_salsa208_OUTPUTBYTES 64
+#define crypto_core_salsa208_INPUTBYTES 16
+#define crypto_core_salsa208_KEYBYTES 32
+#define crypto_core_salsa208_CONSTBYTES 16
+extern int crypto_core_salsa208(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
+#define crypto_core_salsa208_IMPLEMENTATION "crypto_core/salsa208/ref"
+#define crypto_core_salsa208_VERSION "-"
+
+#endif
diff --git a/security/manager/ssl/src/crypto_core_salsa20_core.c b/security/manager/ssl/src/crypto_core_salsa20_core.c
new file mode 100644
index 0000000..8096791
--- /dev/null
+++ b/security/manager/ssl/src/crypto_core_salsa20_core.c
@@ -0,0 +1,134 @@
+/*
+version 20080912
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_core_salsa20.h"
+
+#define ROUNDS 20
+
+typedef unsigned int uint32;
+
+static uint32 rotate(uint32 u,int c)
+{
+ return (u << c) | (u >> (32 - c));
+}
+
+static uint32 load_littleendian(const unsigned char *x)
+{
+ return
+ (uint32) (x[0]) \
+ | (((uint32) (x[1])) << 8) \
+ | (((uint32) (x[2])) << 16) \
+ | (((uint32) (x[3])) << 24)
+ ;
+}
+
+static void store_littleendian(unsigned char *x,uint32 u)
+{
+ x[0] = u; u >>= 8;
+ x[1] = u; u >>= 8;
+ x[2] = u; u >>= 8;
+ x[3] = u;
+}
+
+int crypto_core_salsa20(
+ unsigned char *out,
+ const unsigned char *in,
+ const unsigned char *k,
+ const unsigned char *c
+)
+{
+ uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
+ uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
+ int i;
+
+ j0 = x0 = load_littleendian(c + 0);
+ j1 = x1 = load_littleendian(k + 0);
+ j2 = x2 = load_littleendian(k + 4);
+ j3 = x3 = load_littleendian(k + 8);
+ j4 = x4 = load_littleendian(k + 12);
+ j5 = x5 = load_littleendian(c + 4);
+ j6 = x6 = load_littleendian(in + 0);
+ j7 = x7 = load_littleendian(in + 4);
+ j8 = x8 = load_littleendian(in + 8);
+ j9 = x9 = load_littleendian(in + 12);
+ j10 = x10 = load_littleendian(c + 8);
+ j11 = x11 = load_littleendian(k + 16);
+ j12 = x12 = load_littleendian(k + 20);
+ j13 = x13 = load_littleendian(k + 24);
+ j14 = x14 = load_littleendian(k + 28);
+ j15 = x15 = load_littleendian(c + 12);
+
+ for (i = ROUNDS;i > 0;i -= 2) {
+ x4 ^= rotate( x0+x12, 7);
+ x8 ^= rotate( x4+ x0, 9);
+ x12 ^= rotate( x8+ x4,13);
+ x0 ^= rotate(x12+ x8,18);
+ x9 ^= rotate( x5+ x1, 7);
+ x13 ^= rotate( x9+ x5, 9);
+ x1 ^= rotate(x13+ x9,13);
+ x5 ^= rotate( x1+x13,18);
+ x14 ^= rotate(x10+ x6, 7);
+ x2 ^= rotate(x14+x10, 9);
+ x6 ^= rotate( x2+x14,13);
+ x10 ^= rotate( x6+ x2,18);
+ x3 ^= rotate(x15+x11, 7);
+ x7 ^= rotate( x3+x15, 9);
+ x11 ^= rotate( x7+ x3,13);
+ x15 ^= rotate(x11+ x7,18);
+ x1 ^= rotate( x0+ x3, 7);
+ x2 ^= rotate( x1+ x0, 9);
+ x3 ^= rotate( x2+ x1,13);
+ x0 ^= rotate( x3+ x2,18);
+ x6 ^= rotate( x5+ x4, 7);
+ x7 ^= rotate( x6+ x5, 9);
+ x4 ^= rotate( x7+ x6,13);
+ x5 ^= rotate( x4+ x7,18);
+ x11 ^= rotate(x10+ x9, 7);
+ x8 ^= rotate(x11+x10, 9);
+ x9 ^= rotate( x8+x11,13);
+ x10 ^= rotate( x9+ x8,18);
+ x12 ^= rotate(x15+x14, 7);
+ x13 ^= rotate(x12+x15, 9);
+ x14 ^= rotate(x13+x12,13);
+ x15 ^= rotate(x14+x13,18);
+ }
+
+ x0 += j0;
+ x1 += j1;
+ x2 += j2;
+ x3 += j3;
+ x4 += j4;
+ x5 += j5;
+ x6 += j6;
+ x7 += j7;
+ x8 += j8;
+ x9 += j9;
+ x10 += j10;
+ x11 += j11;
+ x12 += j12;
+ x13 += j13;
+ x14 += j14;
+ x15 += j15;
+
+ store_littleendian(out + 0,x0);
+ store_littleendian(out + 4,x1);
+ store_littleendian(out + 8,x2);
+ store_littleendian(out + 12,x3);
+ store_littleendian(out + 16,x4);
+ store_littleendian(out + 20,x5);
+ store_littleendian(out + 24,x6);
+ store_littleendian(out + 28,x7);
+ store_littleendian(out + 32,x8);
+ store_littleendian(out + 36,x9);
+ store_littleendian(out + 40,x10);
+ store_littleendian(out + 44,x11);
+ store_littleendian(out + 48,x12);
+ store_littleendian(out + 52,x13);
+ store_littleendian(out + 56,x14);
+ store_littleendian(out + 60,x15);
+
+ return 0;
+}
diff --git a/security/manager/ssl/src/crypto_hash.h b/security/manager/ssl/src/crypto_hash.h
new file mode 100644
index 0000000..c24f367
--- /dev/null
+++ b/security/manager/ssl/src/crypto_hash.h
@@ -0,0 +1,12 @@
+#ifndef crypto_hash_H
+#define crypto_hash_H
+
+#include "crypto_hash_sha512.h"
+
+#define crypto_hash crypto_hash_sha512
+#define crypto_hash_BYTES crypto_hash_sha512_BYTES
+#define crypto_hash_PRIMITIVE "sha512"
+#define crypto_hash_IMPLEMENTATION crypto_hash_sha512_IMPLEMENTATION
+#define crypto_hash_VERSION crypto_hash_sha512_VERSION
+
+#endif
diff --git a/security/manager/ssl/src/crypto_hash_sha256.h b/security/manager/ssl/src/crypto_hash_sha256.h
new file mode 100644
index 0000000..c37258b
--- /dev/null
+++ b/security/manager/ssl/src/crypto_hash_sha256.h
@@ -0,0 +1,9 @@
+#ifndef crypto_hash_sha256_H
+#define crypto_hash_sha256_H
+
+#define crypto_hash_sha256_BYTES 32
+extern int crypto_hash_sha256(unsigned char *,const unsigned char *,unsigned long long);
+#define crypto_hash_sha256_IMPLEMENTATION "crypto_hash/sha256/ref"
+#define crypto_hash_sha256_VERSION "-"
+
+#endif
diff --git a/security/manager/ssl/src/crypto_hash_sha256_hash.c b/security/manager/ssl/src/crypto_hash_sha256_hash.c
new file mode 100644
index 0000000..8d68e33
--- /dev/null
+++ b/security/manager/ssl/src/crypto_hash_sha256_hash.c
@@ -0,0 +1,69 @@
+/*
+20080913
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_hashblocks_sha256.h"
+#include "crypto_hash_sha256.h"
+
+#define blocks crypto_hashblocks_sha256
+
+typedef unsigned int uint32;
+
+static const char iv[32] = {
+ 0x6a,0x09,0xe6,0x67,
+ 0xbb,0x67,0xae,0x85,
+ 0x3c,0x6e,0xf3,0x72,
+ 0xa5,0x4f,0xf5,0x3a,
+ 0x51,0x0e,0x52,0x7f,
+ 0x9b,0x05,0x68,0x8c,
+ 0x1f,0x83,0xd9,0xab,
+ 0x5b,0xe0,0xcd,0x19,
+} ;
+
+int crypto_hash_sha256(unsigned char *out,const unsigned char *in,unsigned long long inlen)
+{
+ unsigned char h[32];
+ unsigned char padded[128];
+ int i;
+ unsigned long long bits = inlen << 3;
+
+ for (i = 0;i < 32;++i) h[i] = iv[i];
+
+ blocks(h,in,inlen);
+ in += inlen;
+ inlen &= 63;
+ in -= inlen;
+
+ for (i = 0;i < inlen;++i) padded[i] = in[i];
+ padded[inlen] = 0x80;
+
+ if (inlen < 56) {
+ for (i = inlen + 1;i < 56;++i) padded[i] = 0;
+ padded[56] = bits >> 56;
+ padded[57] = bits >> 48;
+ padded[58] = bits >> 40;
+ padded[59] = bits >> 32;
+ padded[60] = bits >> 24;
+ padded[61] = bits >> 16;
+ padded[62] = bits >> 8;
+ padded[63] = bits;
+ blocks(h,padded,64);
+ } else {
+ for (i = inlen + 1;i < 120;++i) padded[i] = 0;
+ padded[120] = bits >> 56;
+ padded[121] = bits >> 48;
+ padded[122] = bits >> 40;
+ padded[123] = bits >> 32;
+ padded[124] = bits >> 24;
+ padded[125] = bits >> 16;
+ padded[126] = bits >> 8;
+ padded[127] = bits;
+ blocks(h,padded,128);
+ }
+
+ for (i = 0;i < 32;++i) out[i] = h[i];
+
+ return 0;
+}
diff --git a/security/manager/ssl/src/crypto_hashblocks.h b/security/manager/ssl/src/crypto_hashblocks.h
new file mode 100644
index 0000000..ce389b6
--- /dev/null
+++ b/security/manager/ssl/src/crypto_hashblocks.h
@@ -0,0 +1,13 @@
+#ifndef crypto_hashblocks_H
+#define crypto_hashblocks_H
+
+#include "crypto_hashblocks_sha512.h"
+
+#define crypto_hashblocks crypto_hashblocks_sha512
+#define crypto_hashblocks_STATEBYTES crypto_hashblocks_sha512_STATEBYTES
+#define crypto_hashblocks_BLOCKBYTES crypto_hashblocks_sha512_BLOCKBYTES
+#define crypto_hashblocks_PRIMITIVE "sha512"
+#define crypto_hashblocks_IMPLEMENTATION crypto_hashblocks_sha512_IMPLEMENTATION
+#define crypto_hashblocks_VERSION crypto_hashblocks_sha512_VERSION
+
+#endif
diff --git a/security/manager/ssl/src/crypto_hashblocks_sha256.h b/security/manager/ssl/src/crypto_hashblocks_sha256.h
new file mode 100644
index 0000000..d9c7c7d
--- /dev/null
+++ b/security/manager/ssl/src/crypto_hashblocks_sha256.h
@@ -0,0 +1,10 @@
+#ifndef crypto_hashblocks_sha256_H
+#define crypto_hashblocks_sha256_H
+
+#define crypto_hashblocks_sha256_STATEBYTES 32
+#define crypto_hashblocks_sha256_BLOCKBYTES 64
+extern int crypto_hashblocks_sha256(unsigned char *,const unsigned char *,unsigned long long);
+#define crypto_hashblocks_sha256_IMPLEMENTATION "crypto_hashblocks/sha256/ref"
+#define crypto_hashblocks_sha256_VERSION "-"
+
+#endif
diff --git a/security/manager/ssl/src/crypto_hashblocks_sha256_blocks.c b/security/manager/ssl/src/crypto_hashblocks_sha256_blocks.c
new file mode 100644
index 0000000..df10842
--- /dev/null
+++ b/security/manager/ssl/src/crypto_hashblocks_sha256_blocks.c
@@ -0,0 +1,212 @@
+#include "crypto_hashblocks_sha256.h"
+
+typedef unsigned int uint32;
+
+static uint32 load_bigendian(const unsigned char *x)
+{
+ return
+ (uint32) (x[3]) \
+ | (((uint32) (x[2])) << 8) \
+ | (((uint32) (x[1])) << 16) \
+ | (((uint32) (x[0])) << 24)
+ ;
+}
+
+static void store_bigendian(unsigned char *x,uint32 u)
+{
+ x[3] = u; u >>= 8;
+ x[2] = u; u >>= 8;
+ x[1] = u; u >>= 8;
+ x[0] = u;
+}
+
+#define SHR(x,c) ((x) >> (c))
+#define ROTR(x,c) (((x) >> (c)) | ((x) << (32 - (c))))
+
+#define Ch(x,y,z) ((x & y) ^ (~x & z))
+#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
+#define Sigma0(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
+#define Sigma1(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
+#define sigma0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
+#define sigma1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
+
+#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0;
+
+#define EXPAND \
+ M(w0 ,w14,w9 ,w1 ) \
+ M(w1 ,w15,w10,w2 ) \
+ M(w2 ,w0 ,w11,w3 ) \
+ M(w3 ,w1 ,w12,w4 ) \
+ M(w4 ,w2 ,w13,w5 ) \
+ M(w5 ,w3 ,w14,w6 ) \
+ M(w6 ,w4 ,w15,w7 ) \
+ M(w7 ,w5 ,w0 ,w8 ) \
+ M(w8 ,w6 ,w1 ,w9 ) \
+ M(w9 ,w7 ,w2 ,w10) \
+ M(w10,w8 ,w3 ,w11) \
+ M(w11,w9 ,w4 ,w12) \
+ M(w12,w10,w5 ,w13) \
+ M(w13,w11,w6 ,w14) \
+ M(w14,w12,w7 ,w15) \
+ M(w15,w13,w8 ,w0 )
+
+#define F(w,k) \
+ T1 = h + Sigma1(e) + Ch(e,f,g) + k + w; \
+ T2 = Sigma0(a) + Maj(a,b,c); \
+ h = g; \
+ g = f; \
+ f = e; \
+ e = d + T1; \
+ d = c; \
+ c = b; \
+ b = a; \
+ a = T1 + T2;
+
+int crypto_hashblocks_sha256(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen)
+{
+ uint32 state[8];
+ uint32 a;
+ uint32 b;
+ uint32 c;
+ uint32 d;
+ uint32 e;
+ uint32 f;
+ uint32 g;
+ uint32 h;
+ uint32 T1;
+ uint32 T2;
+
+ a = load_bigendian(statebytes + 0); state[0] = a;
+ b = load_bigendian(statebytes + 4); state[1] = b;
+ c = load_bigendian(statebytes + 8); state[2] = c;
+ d = load_bigendian(statebytes + 12); state[3] = d;
+ e = load_bigendian(statebytes + 16); state[4] = e;
+ f = load_bigendian(statebytes + 20); state[5] = f;
+ g = load_bigendian(statebytes + 24); state[6] = g;
+ h = load_bigendian(statebytes + 28); state[7] = h;
+
+ while (inlen >= 64) {
+ uint32 w0 = load_bigendian(in + 0);
+ uint32 w1 = load_bigendian(in + 4);
+ uint32 w2 = load_bigendian(in + 8);
+ uint32 w3 = load_bigendian(in + 12);
+ uint32 w4 = load_bigendian(in + 16);
+ uint32 w5 = load_bigendian(in + 20);
+ uint32 w6 = load_bigendian(in + 24);
+ uint32 w7 = load_bigendian(in + 28);
+ uint32 w8 = load_bigendian(in + 32);
+ uint32 w9 = load_bigendian(in + 36);
+ uint32 w10 = load_bigendian(in + 40);
+ uint32 w11 = load_bigendian(in + 44);
+ uint32 w12 = load_bigendian(in + 48);
+ uint32 w13 = load_bigendian(in + 52);
+ uint32 w14 = load_bigendian(in + 56);
+ uint32 w15 = load_bigendian(in + 60);
+
+ F(w0 ,0x428a2f98)
+ F(w1 ,0x71374491)
+ F(w2 ,0xb5c0fbcf)
+ F(w3 ,0xe9b5dba5)
+ F(w4 ,0x3956c25b)
+ F(w5 ,0x59f111f1)
+ F(w6 ,0x923f82a4)
+ F(w7 ,0xab1c5ed5)
+ F(w8 ,0xd807aa98)
+ F(w9 ,0x12835b01)
+ F(w10,0x243185be)
+ F(w11,0x550c7dc3)
+ F(w12,0x72be5d74)
+ F(w13,0x80deb1fe)
+ F(w14,0x9bdc06a7)
+ F(w15,0xc19bf174)
+
+ EXPAND
+
+ F(w0 ,0xe49b69c1)
+ F(w1 ,0xefbe4786)
+ F(w2 ,0x0fc19dc6)
+ F(w3 ,0x240ca1cc)
+ F(w4 ,0x2de92c6f)
+ F(w5 ,0x4a7484aa)
+ F(w6 ,0x5cb0a9dc)
+ F(w7 ,0x76f988da)
+ F(w8 ,0x983e5152)
+ F(w9 ,0xa831c66d)
+ F(w10,0xb00327c8)
+ F(w11,0xbf597fc7)
+ F(w12,0xc6e00bf3)
+ F(w13,0xd5a79147)
+ F(w14,0x06ca6351)
+ F(w15,0x14292967)
+
+ EXPAND
+
+ F(w0 ,0x27b70a85)
+ F(w1 ,0x2e1b2138)
+ F(w2 ,0x4d2c6dfc)
+ F(w3 ,0x53380d13)
+ F(w4 ,0x650a7354)
+ F(w5 ,0x766a0abb)
+ F(w6 ,0x81c2c92e)
+ F(w7 ,0x92722c85)
+ F(w8 ,0xa2bfe8a1)
+ F(w9 ,0xa81a664b)
+ F(w10,0xc24b8b70)
+ F(w11,0xc76c51a3)
+ F(w12,0xd192e819)
+ F(w13,0xd6990624)
+ F(w14,0xf40e3585)
+ F(w15,0x106aa070)
+
+ EXPAND
+
+ F(w0 ,0x19a4c116)
+ F(w1 ,0x1e376c08)
+ F(w2 ,0x2748774c)
+ F(w3 ,0x34b0bcb5)
+ F(w4 ,0x391c0cb3)
+ F(w5 ,0x4ed8aa4a)
+ F(w6 ,0x5b9cca4f)
+ F(w7 ,0x682e6ff3)
+ F(w8 ,0x748f82ee)
+ F(w9 ,0x78a5636f)
+ F(w10,0x84c87814)
+ F(w11,0x8cc70208)
+ F(w12,0x90befffa)
+ F(w13,0xa4506ceb)
+ F(w14,0xbef9a3f7)
+ F(w15,0xc67178f2)
+
+ a += state[0];
+ b += state[1];
+ c += state[2];
+ d += state[3];
+ e += state[4];
+ f += state[5];
+ g += state[6];
+ h += state[7];
+
+ state[0] = a;
+ state[1] = b;
+ state[2] = c;
+ state[3] = d;
+ state[4] = e;
+ state[5] = f;
+ state[6] = g;
+ state[7] = h;
+
+ in += 64;
+ inlen -= 64;
+ }
+
+ store_bigendian(statebytes + 0,state[0]);
+ store_bigendian(statebytes + 4,state[1]);
+ store_bigendian(statebytes + 8,state[2]);
+ store_bigendian(statebytes + 12,state[3]);
+ store_bigendian(statebytes + 16,state[4]);
+ store_bigendian(statebytes + 20,state[5]);
+ store_bigendian(statebytes + 24,state[6]);
+ store_bigendian(statebytes + 28,state[7]);
+
+ return 0;
+}
diff --git a/security/manager/ssl/src/crypto_onetimeauth.h b/security/manager/ssl/src/crypto_onetimeauth.h
new file mode 100644
index 0000000..450e122
--- /dev/null
+++ b/security/manager/ssl/src/crypto_onetimeauth.h
@@ -0,0 +1,14 @@
+#ifndef crypto_onetimeauth_H
+#define crypto_onetimeauth_H
+
+#include "crypto_onetimeauth_poly1305.h"
+
+#define crypto_onetimeauth crypto_onetimeauth_poly1305
+#define crypto_onetimeauth_verify crypto_onetimeauth_poly1305_verify
+#define crypto_onetimeauth_BYTES crypto_onetimeauth_poly1305_BYTES
+#define crypto_onetimeauth_KEYBYTES crypto_onetimeauth_poly1305_KEYBYTES
+#define crypto_onetimeauth_PRIMITIVE "poly1305"
+#define crypto_onetimeauth_IMPLEMENTATION crypto_onetimeauth_poly1305_IMPLEMENTATION
+#define crypto_onetimeauth_VERSION crypto_onetimeauth_poly1305_VERSION
+
+#endif
diff --git a/security/manager/ssl/src/crypto_onetimeauth_poly1305.h b/security/manager/ssl/src/crypto_onetimeauth_poly1305.h
new file mode 100644
index 0000000..6dbc086
--- /dev/null
+++ b/security/manager/ssl/src/crypto_onetimeauth_poly1305.h
@@ -0,0 +1,11 @@
+#ifndef crypto_onetimeauth_poly1305_H
+#define crypto_onetimeauth_poly1305_H
+
+#define crypto_onetimeauth_poly1305_BYTES 16
+#define crypto_onetimeauth_poly1305_KEYBYTES 32
+extern int crypto_onetimeauth_poly1305(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_onetimeauth_poly1305_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+#define crypto_onetimeauth_poly1305_IMPLEMENTATION "crypto_onetimeauth/poly1305/ref"
+#define crypto_onetimeauth_poly1305_VERSION "-"
+
+#endif
diff --git a/security/manager/ssl/src/crypto_onetimeauth_poly1305_auth.c b/security/manager/ssl/src/crypto_onetimeauth_poly1305_auth.c
new file mode 100644
index 0000000..055fc06
--- /dev/null
+++ b/security/manager/ssl/src/crypto_onetimeauth_poly1305_auth.c
@@ -0,0 +1,104 @@
+/*
+20080912
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_onetimeauth_poly1305.h"
+
+static void add(unsigned int h[17],const unsigned int c[17])
+{
+ unsigned int j;
+ unsigned int u;
+ u = 0;
+ for (j = 0;j < 17;++j) { u += h[j] + c[j]; h[j] = u & 255; u >>= 8; }
+}
+
+static void squeeze(unsigned int h[17])
+{
+ unsigned int j;
+ unsigned int u;
+ u = 0;
+ for (j = 0;j < 16;++j) { u += h[j]; h[j] = u & 255; u >>= 8; }
+ u += h[16]; h[16] = u & 3;
+ u = 5 * (u >> 2);
+ for (j = 0;j < 16;++j) { u += h[j]; h[j] = u & 255; u >>= 8; }
+ u += h[16]; h[16] = u;
+}
+
+static const unsigned int minusp[17] = {
+ 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 252
+} ;
+
+static void freeze(unsigned int h[17])
+{
+ unsigned int horig[17];
+ unsigned int j;
+ unsigned int negative;
+ for (j = 0;j < 17;++j) horig[j] = h[j];
+ add(h,minusp);
+ negative = -(h[16] >> 7);
+ for (j = 0;j < 17;++j) h[j] ^= negative & (horig[j] ^ h[j]);
+}
+
+static void mulmod(unsigned int h[17],const unsigned int r[17])
+{
+ unsigned int hr[17];
+ unsigned int i;
+ unsigned int j;
+ unsigned int u;
+
+ for (i = 0;i < 17;++i) {
+ u = 0;
+ for (j = 0;j <= i;++j) u += h[j] * r[i - j];
+ for (j = i + 1;j < 17;++j) u += 320 * h[j] * r[i + 17 - j];
+ hr[i] = u;
+ }
+ for (i = 0;i < 17;++i) h[i] = hr[i];
+ squeeze(h);
+}
+
+int crypto_onetimeauth_poly1305(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
+{
+ unsigned int j;
+ unsigned int r[17];
+ unsigned int h[17];
+ unsigned int c[17];
+
+ r[0] = k[0];
+ r[1] = k[1];
+ r[2] = k[2];
+ r[3] = k[3] & 15;
+ r[4] = k[4] & 252;
+ r[5] = k[5];
+ r[6] = k[6];
+ r[7] = k[7] & 15;
+ r[8] = k[8] & 252;
+ r[9] = k[9];
+ r[10] = k[10];
+ r[11] = k[11] & 15;
+ r[12] = k[12] & 252;
+ r[13] = k[13];
+ r[14] = k[14];
+ r[15] = k[15] & 15;
+ r[16] = 0;
+
+ for (j = 0;j < 17;++j) h[j] = 0;
+
+ while (inlen > 0) {
+ for (j = 0;j < 17;++j) c[j] = 0;
+ for (j = 0;(j < 16) && (j < inlen);++j) c[j] = in[j];
+ c[j] = 1;
+ in += j; inlen -= j;
+ add(h,c);
+ mulmod(h,r);
+ }
+
+ freeze(h);
+
+ for (j = 0;j < 16;++j) c[j] = k[j + 16];
+ c[16] = 0;
+ add(h,c);
+ for (j = 0;j < 16;++j) out[j] = h[j];
+ return 0;
+}
diff --git a/security/manager/ssl/src/crypto_onetimeauth_poly1305_verify.c b/security/manager/ssl/src/crypto_onetimeauth_poly1305_verify.c
new file mode 100644
index 0000000..7deb71d
--- /dev/null
+++ b/security/manager/ssl/src/crypto_onetimeauth_poly1305_verify.c
@@ -0,0 +1,9 @@
+#include "crypto_verify_16.h"
+#include "crypto_onetimeauth_poly1305.h"
+
+int crypto_onetimeauth_poly1305_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
+{
+ unsigned char correct[16];
+ crypto_onetimeauth_poly1305(correct,in,inlen,k);
+ return crypto_verify_16(h,correct);
+}
diff --git a/security/manager/ssl/src/crypto_scalarmult_curve25519.h b/security/manager/ssl/src/crypto_scalarmult_curve25519.h
new file mode 100644
index 0000000..cb03adf
--- /dev/null
+++ b/security/manager/ssl/src/crypto_scalarmult_curve25519.h
@@ -0,0 +1,11 @@
+#ifndef crypto_scalarmult_curve25519_H
+#define crypto_scalarmult_curve25519_H
+
+#define crypto_scalarmult_curve25519_BYTES 32
+#define crypto_scalarmult_curve25519_SCALARBYTES 32
+extern int crypto_scalarmult_curve25519(unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_scalarmult_curve25519_base(unsigned char *,const unsigned char *);
+#define crypto_scalarmult_curve25519_IMPLEMENTATION "crypto_scalarmult/curve25519/ref"
+#define crypto_scalarmult_curve25519_VERSION "-"
+
+#endif
diff --git a/security/manager/ssl/src/crypto_scalarmult_curve25519_base.c b/security/manager/ssl/src/crypto_scalarmult_curve25519_base.c
new file mode 100644
index 0000000..a613b9b3
--- /dev/null
+++ b/security/manager/ssl/src/crypto_scalarmult_curve25519_base.c
@@ -0,0 +1,16 @@
+/*
+version 20081011
+Matthew Dempsky
+Public domain.
+Derived from public domain code by D. J. Bernstein.
+*/
+
+#include "crypto_scalarmult_curve25519.h"
+
+const unsigned char base[32] = {9};
+
+int crypto_scalarmult_curve25519_base(unsigned char *q,
+ const unsigned char *n)
+{
+ return crypto_scalarmult_curve25519(q,n,base);
+}
diff --git a/security/manager/ssl/src/crypto_scalarmult_curve25519_smult.c b/security/manager/ssl/src/crypto_scalarmult_curve25519_smult.c
new file mode 100644
index 0000000..01533ae
--- /dev/null
+++ b/security/manager/ssl/src/crypto_scalarmult_curve25519_smult.c
@@ -0,0 +1,265 @@
+/*
+version 20081011
+Matthew Dempsky
+Public domain.
+Derived from public domain code by D. J. Bernstein.
+*/
+
+#include "crypto_scalarmult_curve25519.h"
+
+static void add(unsigned int out[32],const unsigned int a[32],const unsigned int b[32])
+{
+ unsigned int j;
+ unsigned int u;
+ u = 0;
+ for (j = 0;j < 31;++j) { u += a[j] + b[j]; out[j] = u & 255; u >>= 8; }
+ u += a[31] + b[31]; out[31] = u;
+}
+
+static void sub(unsigned int out[32],const unsigned int a[32],const unsigned int b[32])
+{
+ unsigned int j;
+ unsigned int u;
+ u = 218;
+ for (j = 0;j < 31;++j) {
+ u += a[j] + 65280 - b[j];
+ out[j] = u & 255;
+ u >>= 8;
+ }
+ u += a[31] - b[31];
+ out[31] = u;
+}
+
+static void squeeze(unsigned int a[32])
+{
+ unsigned int j;
+ unsigned int u;
+ u = 0;
+ for (j = 0;j < 31;++j) { u += a[j]; a[j] = u & 255; u >>= 8; }
+ u += a[31]; a[31] = u & 127;
+ u = 19 * (u >> 7);
+ for (j = 0;j < 31;++j) { u += a[j]; a[j] = u & 255; u >>= 8; }
+ u += a[31]; a[31] = u;
+}
+
+static const unsigned int minusp[32] = {
+ 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128
+} ;
+
+static void freeze(unsigned int a[32])
+{
+ unsigned int aorig[32];
+ unsigned int j;
+ unsigned int negative;
+
+ for (j = 0;j < 32;++j) aorig[j] = a[j];
+ add(a,a,minusp);
+ negative = -((a[31] >> 7) & 1);
+ for (j = 0;j < 32;++j) a[j] ^= negative & (aorig[j] ^ a[j]);
+}
+
+static void mult(unsigned int out[32],const unsigned int a[32],const unsigned int b[32])
+{
+ unsigned int i;
+ unsigned int j;
+ unsigned int u;
+
+ for (i = 0;i < 32;++i) {
+ u = 0;
+ for (j = 0;j <= i;++j) u += a[j] * b[i - j];
+ for (j = i + 1;j < 32;++j) u += 38 * a[j] * b[i + 32 - j];
+ out[i] = u;
+ }
+ squeeze(out);
+}
+
+static void mult121665(unsigned int out[32],const unsigned int a[32])
+{
+ unsigned int j;
+ unsigned int u;
+
+ u = 0;
+ for (j = 0;j < 31;++j) { u += 121665 * a[j]; out[j] = u & 255; u >>= 8; }
+ u += 121665 * a[31]; out[31] = u & 127;
+ u = 19 * (u >> 7);
+ for (j = 0;j < 31;++j) { u += out[j]; out[j] = u & 255; u >>= 8; }
+ u += out[j]; out[j] = u;
+}
+
+static void square(unsigned int out[32],const unsigned int a[32])
+{
+ unsigned int i;
+ unsigned int j;
+ unsigned int u;
+
+ for (i = 0;i < 32;++i) {
+ u = 0;
+ for (j = 0;j < i - j;++j) u += a[j] * a[i - j];
+ for (j = i + 1;j < i + 32 - j;++j) u += 38 * a[j] * a[i + 32 - j];
+ u *= 2;
+ if ((i & 1) == 0) {
+ u += a[i / 2] * a[i / 2];
+ u += 38 * a[i / 2 + 16] * a[i / 2 + 16];
+ }
+ out[i] = u;
+ }
+ squeeze(out);
+}
+
+static void select(unsigned int p[64],unsigned int q[64],const unsigned int r[64],const unsigned int s[64],unsigned int b)
+{
+ unsigned int j;
+ unsigned int t;
+ unsigned int bminus1;
+
+ bminus1 = b - 1;
+ for (j = 0;j < 64;++j) {
+ t = bminus1 & (r[j] ^ s[j]);
+ p[j] = s[j] ^ t;
+ q[j] = r[j] ^ t;
+ }
+}
+
+static void mainloop(unsigned int work[64],const unsigned char e[32])
+{
+ unsigned int xzm1[64];
+ unsigned int xzm[64];
+ unsigned int xzmb[64];
+ unsigned int xzm1b[64];
+ unsigned int xznb[64];
+ unsigned int xzn1b[64];
+ unsigned int a0[64];
+ unsigned int a1[64];
+ unsigned int b0[64];
+ unsigned int b1[64];
+ unsigned int c1[64];
+ unsigned int r[32];
+ unsigned int s[32];
+ unsigned int t[32];
+ unsigned int u[32];
+ unsigned int i;
+ unsigned int j;
+ unsigned int b;
+ int pos;
+
+ for (j = 0;j < 32;++j) xzm1[j] = work[j];
+ xzm1[32] = 1;
+ for (j = 33;j < 64;++j) xzm1[j] = 0;
+
+ xzm[0] = 1;
+ for (j = 1;j < 64;++j) xzm[j] = 0;
+
+ for (pos = 254;pos >= 0;--pos) {
+ b = e[pos / 8] >> (pos & 7);
+ b &= 1;
+ select(xzmb,xzm1b,xzm,xzm1,b);
+ add(a0,xzmb,xzmb + 32);
+ sub(a0 + 32,xzmb,xzmb + 32);
+ add(a1,xzm1b,xzm1b + 32);
+ sub(a1 + 32,xzm1b,xzm1b + 32);
+ square(b0,a0);
+ square(b0 + 32,a0 + 32);
+ mult(b1,a1,a0 + 32);
+ mult(b1 + 32,a1 + 32,a0);
+ add(c1,b1,b1 + 32);
+ sub(c1 + 32,b1,b1 + 32);
+ square(r,c1 + 32);
+ sub(s,b0,b0 + 32);
+ mult121665(t,s);
+ add(u,t,b0);
+ mult(xznb,b0,b0 + 32);
+ mult(xznb + 32,s,u);
+ square(xzn1b,c1);
+ mult(xzn1b + 32,r,work);
+ select(xzm,xzm1,xznb,xzn1b,b);
+ }
+
+ for (j = 0;j < 64;++j) work[j] = xzm[j];
+}
+
+static void recip(unsigned int out[32],const unsigned int z[32])
+{
+ unsigned int z2[32];
+ unsigned int z9[32];
+ unsigned int z11[32];
+ unsigned int z2_5_0[32];
+ unsigned int z2_10_0[32];
+ unsigned int z2_20_0[32];
+ unsigned int z2_50_0[32];
+ unsigned int z2_100_0[32];
+ unsigned int t0[32];
+ unsigned int t1[32];
+ int i;
+
+ /* 2 */ square(z2,z);
+ /* 4 */ square(t1,z2);
+ /* 8 */ square(t0,t1);
+ /* 9 */ mult(z9,t0,z);
+ /* 11 */ mult(z11,z9,z2);
+ /* 22 */ square(t0,z11);
+ /* 2^5 - 2^0 = 31 */ mult(z2_5_0,t0,z9);
+
+ /* 2^6 - 2^1 */ square(t0,z2_5_0);
+ /* 2^7 - 2^2 */ square(t1,t0);
+ /* 2^8 - 2^3 */ square(t0,t1);
+ /* 2^9 - 2^4 */ square(t1,t0);
+ /* 2^10 - 2^5 */ square(t0,t1);
+ /* 2^10 - 2^0 */ mult(z2_10_0,t0,z2_5_0);
+
+ /* 2^11 - 2^1 */ square(t0,z2_10_0);
+ /* 2^12 - 2^2 */ square(t1,t0);
+ /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t0,t1); square(t1,t0); }
+ /* 2^20 - 2^0 */ mult(z2_20_0,t1,z2_10_0);
+
+ /* 2^21 - 2^1 */ square(t0,z2_20_0);
+ /* 2^22 - 2^2 */ square(t1,t0);
+ /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { square(t0,t1); square(t1,t0); }
+ /* 2^40 - 2^0 */ mult(t0,t1,z2_20_0);
+
+ /* 2^41 - 2^1 */ square(t1,t0);
+ /* 2^42 - 2^2 */ square(t0,t1);
+ /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t1,t0); square(t0,t1); }
+ /* 2^50 - 2^0 */ mult(z2_50_0,t0,z2_10_0);
+
+ /* 2^51 - 2^1 */ square(t0,z2_50_0);
+ /* 2^52 - 2^2 */ square(t1,t0);
+ /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); }
+ /* 2^100 - 2^0 */ mult(z2_100_0,t1,z2_50_0);
+
+ /* 2^101 - 2^1 */ square(t1,z2_100_0);
+ /* 2^102 - 2^2 */ square(t0,t1);
+ /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { square(t1,t0); square(t0,t1); }
+ /* 2^200 - 2^0 */ mult(t1,t0,z2_100_0);
+
+ /* 2^201 - 2^1 */ square(t0,t1);
+ /* 2^202 - 2^2 */ square(t1,t0);
+ /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); }
+ /* 2^250 - 2^0 */ mult(t0,t1,z2_50_0);
+
+ /* 2^251 - 2^1 */ square(t1,t0);
+ /* 2^252 - 2^2 */ square(t0,t1);
+ /* 2^253 - 2^3 */ square(t1,t0);
+ /* 2^254 - 2^4 */ square(t0,t1);
+ /* 2^255 - 2^5 */ square(t1,t0);
+ /* 2^255 - 21 */ mult(out,t1,z11);
+}
+
+int crypto_scalarmult_curve25519(unsigned char *q,
+ const unsigned char *n,
+ const unsigned char *p)
+{
+ unsigned int work[96];
+ unsigned char e[32];
+ unsigned int i;
+ for (i = 0;i < 32;++i) e[i] = n[i];
+ e[0] &= 248;
+ e[31] &= 127;
+ e[31] |= 64;
+ for (i = 0;i < 32;++i) work[i] = p[i];
+ mainloop(work,e);
+ recip(work + 32,work + 32);
+ mult(work + 64,work,work + 32);
+ freeze(work + 64);
+ for (i = 0;i < 32;++i) q[i] = work[64 + i];
+ return 0;
+}
diff --git a/security/manager/ssl/src/crypto_secretbox.h b/security/manager/ssl/src/crypto_secretbox.h
new file mode 100644
index 0000000..7409dd0
--- /dev/null
+++ b/security/manager/ssl/src/crypto_secretbox.h
@@ -0,0 +1,16 @@
+#ifndef crypto_secretbox_H
+#define crypto_secretbox_H
+
+#include "crypto_secretbox_xsalsa20poly1305.h"
+
+#define crypto_secretbox crypto_secretbox_xsalsa20poly1305
+#define crypto_secretbox_open crypto_secretbox_xsalsa20poly1305_open
+#define crypto_secretbox_KEYBYTES crypto_secretbox_xsalsa20poly1305_KEYBYTES
+#define crypto_secretbox_NONCEBYTES crypto_secretbox_xsalsa20poly1305_NONCEBYTES
+#define crypto_secretbox_ZEROBYTES crypto_secretbox_xsalsa20poly1305_ZEROBYTES
+#define crypto_secretbox_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES
+#define crypto_secretbox_PRIMITIVE "xsalsa20poly1305"
+#define crypto_secretbox_IMPLEMENTATION crypto_secretbox_xsalsa20poly1305_IMPLEMENTATION
+#define crypto_secretbox_VERSION crypto_secretbox_xsalsa20poly1305_VERSION
+
+#endif
diff --git a/security/manager/ssl/src/crypto_secretbox_xsalsa20poly1305.h b/security/manager/ssl/src/crypto_secretbox_xsalsa20poly1305.h
new file mode 100644
index 0000000..58471fe
--- /dev/null
+++ b/security/manager/ssl/src/crypto_secretbox_xsalsa20poly1305.h
@@ -0,0 +1,13 @@
+#ifndef crypto_secretbox_xsalsa20poly1305_H
+#define crypto_secretbox_xsalsa20poly1305_H
+
+#define crypto_secretbox_xsalsa20poly1305_KEYBYTES 32
+#define crypto_secretbox_xsalsa20poly1305_NONCEBYTES 24
+#define crypto_secretbox_xsalsa20poly1305_ZEROBYTES 32
+#define crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES 16
+extern int crypto_secretbox_xsalsa20poly1305(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_secretbox_xsalsa20poly1305_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+#define crypto_secretbox_xsalsa20poly1305_IMPLEMENTATION "crypto_secretbox/xsalsa20poly1305/ref"
+#define crypto_secretbox_xsalsa20poly1305_VERSION "-"
+
+#endif
diff --git a/security/manager/ssl/src/crypto_secretbox_xsalsa20poly1305_box.c b/security/manager/ssl/src/crypto_secretbox_xsalsa20poly1305_box.c
new file mode 100644
index 0000000..b65cb8f
--- /dev/null
+++ b/security/manager/ssl/src/crypto_secretbox_xsalsa20poly1305_box.c
@@ -0,0 +1,35 @@
+#include "crypto_onetimeauth_poly1305.h"
+#include "crypto_stream_xsalsa20.h"
+#include "crypto_secretbox_xsalsa20poly1305.h"
+
+int crypto_secretbox_xsalsa20poly1305(
+ unsigned char *c,
+ const unsigned char *m,unsigned long long mlen,
+ const unsigned char *n,
+ const unsigned char *k
+)
+{
+ int i;
+ if (mlen < 32) return -1;
+ crypto_stream_xsalsa20_xor(c,m,mlen,n,k);
+ crypto_onetimeauth_poly1305(c + 16,c + 32,mlen - 32,c);
+ for (i = 0;i < 16;++i) c[i] = 0;
+ return 0;
+}
+
+int crypto_secretbox_xsalsa20poly1305_open(
+ unsigned char *m,
+ const unsigned char *c,unsigned long long clen,
+ const unsigned char *n,
+ const unsigned char *k
+)
+{
+ int i;
+ unsigned char subkey[32];
+ if (clen < 32) return -1;
+ crypto_stream_xsalsa20(subkey,32,n,k);
+ if (crypto_onetimeauth_poly1305_verify(c + 16,c + 32,clen - 32,subkey) != 0) return -1;
+ crypto_stream_xsalsa20_xor(m,c,clen,n,k);
+ for (i = 0;i < 32;++i) m[i] = 0;
+ return 0;
+}
diff --git a/security/manager/ssl/src/crypto_stream.h b/security/manager/ssl/src/crypto_stream.h
new file mode 100644
index 0000000..02d2409
--- /dev/null
+++ b/security/manager/ssl/src/crypto_stream.h
@@ -0,0 +1,18 @@
+#ifndef crypto_stream_H
+#define crypto_stream_H
+
+#include "crypto_stream_xsalsa20.h"
+
+#define crypto_stream crypto_stream_xsalsa20
+#define crypto_stream_xor crypto_stream_xsalsa20_xor
+#define crypto_stream_beforenm crypto_stream_xsalsa20_beforenm
+#define crypto_stream_afternm crypto_stream_xsalsa20_afternm
+#define crypto_stream_xor_afternm crypto_stream_xsalsa20_xor_afternm
+#define crypto_stream_KEYBYTES crypto_stream_xsalsa20_KEYBYTES
+#define crypto_stream_NONCEBYTES crypto_stream_xsalsa20_NONCEBYTES
+#define crypto_stream_BEFORENMBYTES crypto_stream_xsalsa20_BEFORENMBYTES
+#define crypto_stream_PRIMITIVE "xsalsa20"
+#define crypto_stream_IMPLEMENTATION crypto_stream_xsalsa20_IMPLEMENTATION
+#define crypto_stream_VERSION crypto_stream_xsalsa20_VERSION
+
+#endif
diff --git a/security/manager/ssl/src/crypto_stream_salsa20.h b/security/manager/ssl/src/crypto_stream_salsa20.h
new file mode 100644
index 0000000..6242ec1
--- /dev/null
+++ b/security/manager/ssl/src/crypto_stream_salsa20.h
@@ -0,0 +1,14 @@
+#ifndef crypto_stream_salsa20_H
+#define crypto_stream_salsa20_H
+
+#define crypto_stream_salsa20_KEYBYTES 32
+#define crypto_stream_salsa20_NONCEBYTES 8
+extern int crypto_stream_salsa20(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_salsa20_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_salsa20_beforenm(unsigned char *,const unsigned char *);
+extern int crypto_stream_salsa20_afternm(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_salsa20_xor_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+#define crypto_stream_salsa20_IMPLEMENTATION "crypto_stream/salsa20/ref"
+#define crypto_stream_salsa20_VERSION "-"
+
+#endif
diff --git a/security/manager/ssl/src/crypto_stream_salsa20_stream.c b/security/manager/ssl/src/crypto_stream_salsa20_stream.c
new file mode 100644
index 0000000..26417d0
--- /dev/null
+++ b/security/manager/ssl/src/crypto_stream_salsa20_stream.c
@@ -0,0 +1,49 @@
+/*
+version 20080913
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_core_salsa20.h"
+#include "crypto_stream_salsa20.h"
+
+typedef unsigned int uint32;
+
+static const unsigned char sigma[16] = "expand 32-byte k";
+
+int crypto_stream_salsa20(
+ unsigned char *c,unsigned long long clen,
+ const unsigned char *n,
+ const unsigned char *k
+)
+{
+ unsigned char in[16];
+ unsigned char block[64];
+ int i;
+ unsigned int u;
+
+ if (!clen) return 0;
+
+ for (i = 0;i < 8;++i) in[i] = n[i];
+ for (i = 8;i < 16;++i) in[i] = 0;
+
+ while (clen >= 64) {
+ crypto_core_salsa20(c,in,k,sigma);
+
+ u = 1;
+ for (i = 8;i < 16;++i) {
+ u += (unsigned int) in[i];
+ in[i] = u;
+ u >>= 8;
+ }
+
+ clen -= 64;
+ c += 64;
+ }
+
+ if (clen) {
+ crypto_core_salsa20(block,in,k,sigma);
+ for (i = 0;i < clen;++i) c[i] = block[i];
+ }
+ return 0;
+}
diff --git a/security/manager/ssl/src/crypto_stream_salsa20_xor.c b/security/manager/ssl/src/crypto_stream_salsa20_xor.c
new file mode 100644
index 0000000..620aab2
--- /dev/null
+++ b/security/manager/ssl/src/crypto_stream_salsa20_xor.c
@@ -0,0 +1,52 @@
+/*
+version 20080913
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_core_salsa20.h"
+#include "crypto_stream_salsa20.h"
+
+typedef unsigned int uint32;
+
+static const unsigned char sigma[16] = "expand 32-byte k";
+
+int crypto_stream_salsa20_xor(
+ unsigned char *c,
+ const unsigned char *m,unsigned long long mlen,
+ const unsigned char *n,
+ const unsigned char *k
+)
+{
+ unsigned char in[16];
+ unsigned char block[64];
+ int i;
+ unsigned int u;
+
+ if (!mlen) return 0;
+
+ for (i = 0;i < 8;++i) in[i] = n[i];
+ for (i = 8;i < 16;++i) in[i] = 0;
+
+ while (mlen >= 64) {
+ crypto_core_salsa20(block,in,k,sigma);
+ for (i = 0;i < 64;++i) c[i] = m[i] ^ block[i];
+
+ u = 1;
+ for (i = 8;i < 16;++i) {
+ u += (unsigned int) in[i];
+ in[i] = u;
+ u >>= 8;
+ }
+
+ mlen -= 64;
+ c += 64;
+ m += 64;
+ }
+
+ if (mlen) {
+ crypto_core_salsa20(block,in,k,sigma);
+ for (i = 0;i < mlen;++i) c[i] = m[i] ^ block[i];
+ }
+ return 0;
+}
diff --git a/security/manager/ssl/src/crypto_stream_xsalsa20.h b/security/manager/ssl/src/crypto_stream_xsalsa20.h
new file mode 100644
index 0000000..5e9c3c6
--- /dev/null
+++ b/security/manager/ssl/src/crypto_stream_xsalsa20.h
@@ -0,0 +1,14 @@
+#ifndef crypto_stream_xsalsa20_H
+#define crypto_stream_xsalsa20_H
+
+#define crypto_stream_xsalsa20_KEYBYTES 32
+#define crypto_stream_xsalsa20_NONCEBYTES 24
+extern int crypto_stream_xsalsa20(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_xsalsa20_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_xsalsa20_beforenm(unsigned char *,const unsigned char *);
+extern int crypto_stream_xsalsa20_afternm(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_xsalsa20_xor_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+#define crypto_stream_xsalsa20_IMPLEMENTATION "crypto_stream/xsalsa20/ref"
+#define crypto_stream_xsalsa20_VERSION "-"
+
+#endif
diff --git a/security/manager/ssl/src/crypto_stream_xsalsa20_stream.c b/security/manager/ssl/src/crypto_stream_xsalsa20_stream.c
new file mode 100644
index 0000000..f1180d4
--- /dev/null
+++ b/security/manager/ssl/src/crypto_stream_xsalsa20_stream.c
@@ -0,0 +1,22 @@
+/*
+version 20080914
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_core_hsalsa20.h"
+#include "crypto_stream_salsa20.h"
+#include "crypto_stream_xsalsa20.h"
+
+static const unsigned char sigma[16] = "expand 32-byte k";
+
+int crypto_stream_xsalsa20(
+ unsigned char *c,unsigned long long clen,
+ const unsigned char *n,
+ const unsigned char *k
+)
+{
+ unsigned char subkey[32];
+ crypto_core_hsalsa20(subkey,n,k,sigma);
+ return crypto_stream_salsa20(c,clen,n + 16,subkey);
+}
diff --git a/security/manager/ssl/src/crypto_stream_xsalsa20_xor.c b/security/manager/ssl/src/crypto_stream_xsalsa20_xor.c
new file mode 100644
index 0000000..319ba3c
--- /dev/null
+++ b/security/manager/ssl/src/crypto_stream_xsalsa20_xor.c
@@ -0,0 +1,23 @@
+/*
+version 20080913
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_core_hsalsa20.h"
+#include "crypto_stream_salsa20.h"
+#include "crypto_stream_xsalsa20.h"
+
+static const unsigned char sigma[16] = "expand 32-byte k";
+
+int crypto_stream_xsalsa20_xor(
+ unsigned char *c,
+ const unsigned char *m,unsigned long long mlen,
+ const unsigned char *n,
+ const unsigned char *k
+)
+{
+ unsigned char subkey[32];
+ crypto_core_hsalsa20(subkey,n,k,sigma);
+ return crypto_stream_salsa20_xor(c,m,mlen,n + 16,subkey);
+}
diff --git a/security/manager/ssl/src/crypto_uint32.h b/security/manager/ssl/src/crypto_uint32.h
new file mode 100644
index 0000000..e756f50
--- /dev/null
+++ b/security/manager/ssl/src/crypto_uint32.h
@@ -0,0 +1,5 @@
+#ifndef crypto_uint32_H
+#define crypto_uint32_H
+
+typedef unsigned int crypto_uint32;
+#endif
diff --git a/security/manager/ssl/src/crypto_uint64.h b/security/manager/ssl/src/crypto_uint64.h
new file mode 100644
index 0000000..661153f
--- /dev/null
+++ b/security/manager/ssl/src/crypto_uint64.h
@@ -0,0 +1,5 @@
+#ifndef crypto_uint64_H
+#define crypto_uint64_H
+
+typedef unsigned int crypto_uint64;
+#endif
diff --git a/security/manager/ssl/src/crypto_verify_16.h b/security/manager/ssl/src/crypto_verify_16.h
new file mode 100644
index 0000000..8b7364f
--- /dev/null
+++ b/security/manager/ssl/src/crypto_verify_16.h
@@ -0,0 +1,9 @@
+#ifndef crypto_verify_16_H
+#define crypto_verify_16_H
+
+#define crypto_verify_16_BYTES 16
+extern int crypto_verify_16(const unsigned char *,const unsigned char *);
+#define crypto_verify_16_IMPLEMENTATION "crypto_verify/16/ref"
+#define crypto_verify_16_VERSION "-"
+
+#endif
diff --git a/security/manager/ssl/src/crypto_verify_16_verify.c b/security/manager/ssl/src/crypto_verify_16_verify.c
new file mode 100644
index 0000000..d933e1b
--- /dev/null
+++ b/security/manager/ssl/src/crypto_verify_16_verify.c
@@ -0,0 +1,24 @@
+#include "crypto_verify_16.h"
+
+int crypto_verify_16(const unsigned char *x,const unsigned char *y)
+{
+ unsigned int differentbits = 0;
+#define F(i) differentbits |= x[i] ^ y[i];
+ F(0)
+ F(1)
+ F(2)
+ F(3)
+ F(4)
+ F(5)
+ F(6)
+ F(7)
+ F(8)
+ F(9)
+ F(10)
+ F(11)
+ F(12)
+ F(13)
+ F(14)
+ F(15)
+ return (1 & ((differentbits - 1) >> 8)) - 1;
+}
diff --git a/security/manager/ssl/src/crypto_verify_32.h b/security/manager/ssl/src/crypto_verify_32.h
new file mode 100644
index 0000000..cbdd34b
--- /dev/null
+++ b/security/manager/ssl/src/crypto_verify_32.h
@@ -0,0 +1,9 @@
+#ifndef crypto_verify_32_H
+#define crypto_verify_32_H
+
+#define crypto_verify_32_BYTES 32
+extern int crypto_verify_32(const unsigned char *,const unsigned char *);
+#define crypto_verify_32_IMPLEMENTATION "crypto_verify/32/ref"
+#define crypto_verify_32_VERSION "-"
+
+#endif
diff --git a/security/manager/ssl/src/nsNACL.cpp b/security/manager/ssl/src/nsNACL.cpp
new file mode 100644
index 0000000..129deed
--- /dev/null
+++ b/security/manager/ssl/src/nsNACL.cpp
@@ -0,0 +1,355 @@
+
+#include "nsNACL.h"
+#include "nsMemory.h"
+#include "nsString.h"
+//#include "jsapi.h"
+#include "jsfriendapi.h"
+
+//#include "nsStringGlue.h"
+#include "mozilla/Base64.h"
+
+extern "C" {
+#include "crypto_hash_sha256.h"
+#include "crypto_box.h"
+}
+
+NS_IMPL_ISUPPORTS1(nsNACL, nsINACL)
+
+nsNACL::nsNACL()
+{
+}
+
+/*
+ nsCString tmpStr;
+ Base64urlEncode(data, len, tmpStr);
+*/
+NS_IMETHODIMP
+nsNACL::GetVersion(char **_retval)
+{
+ //nsAString version;
+ //_retval.AssignASCII("version-0");
+ //_retval = NS_LITERAL_STRING("version-0");
+ *_retval = (char *) nsMemory::Clone("version-0", 10);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNACL::GetVersion2(nsACString &_retval)
+{
+ //nsAString version;
+ //_retval.AssignASCII("version-0");
+ _retval.Assign(NS_LITERAL_CSTRING("version-0"));
+ //*version = (char *) nsMemory::Clone("version-0", 10);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNACL::GetVersion3(nsACString &_retval)
+{
+ _retval.Assign(NS_LITERAL_CSTRING("version-0"));
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNACL::Hello_world(const nsACString &world, nsACString &_retval)
+{
+ //char *s;
+ /*
+ s = reinterpret_cast<char*>(moz_malloc(12));
+ if (!s)
+ return NS_ERROR_OUT_OF_MEMORY;
+ strcpy(s, "hello world", 12);
+ *_rval = s;
+ */
+
+ //_retval.Assign(NS_LITERAL_CSTRING("hello world"));
+ _retval.Assign(NS_LITERAL_CSTRING("hello"));
+ _retval.Append(world);
+
+ //*_rval = (char *) nsMemory::Clone("hello world", 12);
+ // *_rval = nsnull;
+ //*_rval = "hello world";// MEMORY OWNERSHIP!
+ /*
+ JSObject *output = ArrayBufferObject::create(context(), 11, "hello world");
+ // JS_NewUint8Array(cx, 11);
+ int i;
+ for (i=0; i<11; i++)
+ JS_GetElement(cx, output,
+
+ // uint8_t* = JS_GetUint8ArrayData(jsobj, cx)
+ // JS_GetArrayBufferData(), JS_GetArrayBufferByteLength()
+ // Uint8Array::create(arraybuffer)
+
+ */
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNACL::Accept_array(const jsval& input,
+ JSContext* cx, jsval* _retval NS_OUTPARAM)
+{
+ /*
+ * multiple "views" point into a "buffer" (ArrayBuffer).
+ * views are subclasses of ArrayBufferView
+ * views are also called "arrays"
+ * view subclasses have names like "Uint8Array"
+ * there's a special kind of view named "DataView" for pulling arbitrary
+ shapes from arbitrary offsets
+ */
+ JSObject *msg = JSVAL_TO_OBJECT(input);
+ if (!JS_IsUint8Array(msg, cx))
+ return NS_ERROR_FAILURE;
+ //uint8_t *indata = JS_GetUint8ArrayData(msg, cx);
+ uint8_t outdata[8] = {3,4,5,6,7,8,9,10};
+ JSObject *array = JS_NewUint8Array(cx, 8);
+ if (!array) {
+ return NS_ERROR_OUT_OF_MEMORY;
+ }
+ memcpy(JS_GetArrayBufferViewData(array, cx), outdata, 8);
+ //jsval v = INT_TO_JSVAL(indata[0]+40);
+ //JS_SetElement(cx, array, 0, &v);
+ // unsigned char*data = static_cast<unsigned char*>(JS_GetTypedArrayData(view))
+ *_retval = OBJECT_TO_JSVAL(array);
+ return NS_OK;
+}
+
+
+NS_IMETHODIMP
+nsNACL::ArrayToB64(const jsval& array,
+ JSContext* cx, nsACString &_retval)
+{
+ JSObject *array_obj = JSVAL_TO_OBJECT(array);
+ if (!JS_IsUint8Array(array_obj, cx))
+ return NS_ERROR_FAILURE;
+ nsCString tmpStr;
+ size_t length = JS_GetTypedArrayLength(array_obj, cx);
+ tmpStr.SetLength(length);
+ if (tmpStr.Length() != length)
+ return NS_ERROR_OUT_OF_MEMORY;
+ memcpy(tmpStr.BeginWriting(), JS_GetUint8ArrayData(array_obj, cx), length);
+ nsCString outStr;
+ nsresult rv = mozilla::Base64Encode(tmpStr, outStr);
+ if (NS_FAILED(rv)) {
+ return NS_ERROR_FAILURE;
+ }
+ _retval = outStr;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNACL::B64ToArray(const nsACString& aString,
+ JSContext* cx, jsval* _retval NS_OUTPARAM)
+{
+ nsCString tmpStr;
+ nsresult rv = mozilla::Base64Decode(aString, tmpStr);
+ if (NS_FAILED(rv)) {
+ return NS_ERROR_FAILURE;
+ }
+ const char *start = tmpStr.BeginReading();
+ const char *end = tmpStr.EndReading();
+ JSObject *output = JS_NewUint8Array(cx, end - start);
+ uint8_t *target = JS_GetUint8ArrayData(output, cx);
+ memcpy(target, start, end-start);
+ *_retval = OBJECT_TO_JSVAL(output);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNACL::StringToArrayOfUTF8(const nsAString &aString,
+ JSContext* cx, jsval* _retval NS_OUTPARAM)
+{
+ char *utf8 = ToNewUTF8String(aString);
+ if (!utf8)
+ return NS_ERROR_OUT_OF_MEMORY;
+ size_t length = strlen(utf8);
+ JSObject *output = JS_NewUint8Array(cx, length);
+ if (!output) {
+ NS_Free(utf8);
+ return NS_ERROR_OUT_OF_MEMORY;
+ }
+ uint8_t *target = JS_GetUint8ArrayData(output, cx);
+ memcpy(target, utf8, length);
+ NS_Free(utf8);
+ *_retval = OBJECT_TO_JSVAL(output);
+ return NS_OK;
+}
+
+
+NS_IMETHODIMP
+nsNACL::Hash_sha256(const jsval& msg_jsval,
+ JSContext* cx, jsval* _retval NS_OUTPARAM)
+{
+ JSObject *msg_obj = JSVAL_TO_OBJECT(msg_jsval);
+ if (!JS_IsUint8Array(msg_obj, cx))
+ return NS_ERROR_FAILURE;
+ uint8_t *msg_data = JS_GetUint8ArrayData(msg_obj, cx);
+ size_t msg_data_length = JS_GetTypedArrayLength(msg_obj, cx);
+
+ JSObject *out_array = JS_NewUint8Array(cx, 32);
+ if (!out_array)
+ return NS_ERROR_OUT_OF_MEMORY;
+ uint8_t *out_data = (uint8_t *)JS_GetArrayBufferViewData(out_array, cx);
+
+ crypto_hash_sha256(out_data, msg_data, msg_data_length);
+
+ *_retval = OBJECT_TO_JSVAL(out_array);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNACL::Box(const jsval& msg_jsval,
+ const jsval& nonce_jsval,
+ const jsval& pk_jsval,
+ const jsval& sk_jsval,
+ JSContext* cx, jsval* _retval NS_OUTPARAM)
+{
+ JSObject *msg_obj = JSVAL_TO_OBJECT(msg_jsval);
+ if (!JS_IsUint8Array(msg_obj, cx))
+ return NS_ERROR_FAILURE;
+ uint8_t *msg_data = JS_GetUint8ArrayData(msg_obj, cx);
+ size_t msg_data_length = JS_GetTypedArrayLength(msg_obj, cx);
+
+ JSObject *nonce_obj = JSVAL_TO_OBJECT(nonce_jsval);
+ if (!JS_IsUint8Array(nonce_obj, cx))
+ return NS_ERROR_FAILURE;
+ uint8_t *nonce_data = JS_GetUint8ArrayData(nonce_obj, cx);
+ if (JS_GetTypedArrayLength(nonce_obj, cx) != 24)
+ return NS_ERROR_FAILURE;
+
+ JSObject *pk_obj = JSVAL_TO_OBJECT(pk_jsval);
+ if (!JS_IsUint8Array(pk_obj, cx))
+ return NS_ERROR_FAILURE;
+ uint8_t *pk_data = JS_GetUint8ArrayData(pk_obj, cx);
+ if (JS_GetTypedArrayLength(pk_obj, cx) != 32)
+ return NS_ERROR_FAILURE;
+
+ JSObject *sk_obj = JSVAL_TO_OBJECT(sk_jsval);
+ if (!JS_IsUint8Array(sk_obj, cx))
+ return NS_ERROR_FAILURE;
+ uint8_t *sk_data = JS_GetUint8ArrayData(sk_obj, cx);
+ if (JS_GetTypedArrayLength(sk_obj, cx) != 32)
+ return NS_ERROR_FAILURE;
+
+ // the crazy nacl API requires us to prefix the message we give
+ // crypto_box with 32 (crypto_box_ZEROBYTES) null bytes. The message it
+ // gives back will be prefixed with 16 (crypto_box_BOXZEROBYTES) null
+ // bytes, which we don't have to send. I have still not figured out why
+ // it does this: it needs 16 extra bytes are for the MAC tag, but I think
+ // the rest is for use as a scratchpad of some sort.
+ size_t padded_msg_data_length = crypto_box_ZEROBYTES+msg_data_length;
+ uint8_t *padded_msg_data = (uint8_t *)malloc(padded_msg_data_length);
+ if (!padded_msg_data)
+ return NS_ERROR_OUT_OF_MEMORY;
+ memset(padded_msg_data, 0, crypto_box_ZEROBYTES);
+ memcpy(padded_msg_data+crypto_box_ZEROBYTES, msg_data, msg_data_length);
+ size_t padded_output_data_length = padded_msg_data_length;
+ uint8_t *padded_output_data = (uint8_t *)malloc(padded_output_data_length);
+ if (!padded_output_data) {
+ free(padded_msg_data);
+ return NS_ERROR_OUT_OF_MEMORY;
+ }
+
+ size_t output_data_length = padded_output_data_length - crypto_box_BOXZEROBYTES;
+ JSObject *out_array = JS_NewUint8Array(cx, output_data_length);
+ if (!out_array) {
+ free(padded_msg_data);
+ free(padded_output_data);
+ return NS_ERROR_OUT_OF_MEMORY;
+ }
+
+ printf("box: given %ld bytes, padded to %ld, returning %ld\n",
+ msg_data_length, padded_msg_data_length, output_data_length);
+ crypto_box(padded_output_data, padded_msg_data, padded_msg_data_length,
+ nonce_data, pk_data, sk_data);
+
+ uint8_t *out_data = (uint8_t *)JS_GetArrayBufferViewData(out_array, cx);
+ memcpy(out_data, crypto_box_BOXZEROBYTES+padded_output_data,
+ output_data_length);
+
+ free(padded_msg_data);
+ free(padded_output_data);
+
+ *_retval = OBJECT_TO_JSVAL(out_array);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNACL::Box_open(const jsval& ct_jsval,
+ const jsval& nonce_jsval,
+ const jsval& pk_jsval,
+ const jsval& sk_jsval,
+ JSContext* cx, jsval* _retval NS_OUTPARAM)
+{
+ JSObject *ct_obj = JSVAL_TO_OBJECT(ct_jsval);
+ if (!JS_IsUint8Array(ct_obj, cx))
+ return NS_ERROR_FAILURE;
+ uint8_t *ct_data = JS_GetUint8ArrayData(ct_obj, cx);
+ size_t ct_data_length = JS_GetTypedArrayLength(ct_obj, cx);
+
+ JSObject *nonce_obj = JSVAL_TO_OBJECT(nonce_jsval);
+ if (!JS_IsUint8Array(nonce_obj, cx))
+ return NS_ERROR_FAILURE;
+ uint8_t *nonce_data = JS_GetUint8ArrayData(nonce_obj, cx);
+ if (JS_GetTypedArrayLength(nonce_obj, cx) != 24)
+ return NS_ERROR_FAILURE;
+
+ JSObject *pk_obj = JSVAL_TO_OBJECT(pk_jsval);
+ if (!JS_IsUint8Array(pk_obj, cx))
+ return NS_ERROR_FAILURE;
+ uint8_t *pk_data = JS_GetUint8ArrayData(pk_obj, cx);
+ if (JS_GetTypedArrayLength(pk_obj, cx) != 32)
+ return NS_ERROR_FAILURE;
+
+ JSObject *sk_obj = JSVAL_TO_OBJECT(sk_jsval);
+ if (!JS_IsUint8Array(sk_obj, cx))
+ return NS_ERROR_FAILURE;
+ uint8_t *sk_data = JS_GetUint8ArrayData(sk_obj, cx);
+ if (JS_GetTypedArrayLength(sk_obj, cx) != 32)
+ return NS_ERROR_FAILURE;
+
+ size_t padded_ct_data_length = crypto_box_BOXZEROBYTES+ct_data_length;
+ uint8_t *padded_ct_data = (uint8_t *)malloc(padded_ct_data_length);
+ if (!padded_ct_data)
+ return NS_ERROR_OUT_OF_MEMORY;
+ memset(padded_ct_data, 0, crypto_box_BOXZEROBYTES);
+ memcpy(padded_ct_data+crypto_box_BOXZEROBYTES, ct_data, ct_data_length);
+ size_t padded_msg_data_length = padded_ct_data_length;
+ uint8_t *padded_msg_data = (uint8_t *)malloc(padded_msg_data_length);
+ if (!padded_msg_data) {
+ free(padded_ct_data);
+ return NS_ERROR_OUT_OF_MEMORY;
+ }
+
+ size_t msg_data_length = padded_msg_data_length - crypto_box_ZEROBYTES;
+ JSObject *msg_array = JS_NewUint8Array(cx, msg_data_length);
+ if (!msg_array) {
+ free(padded_ct_data);
+ free(padded_msg_data);
+ return NS_ERROR_OUT_OF_MEMORY;
+ }
+
+ printf("open: given %ld bytes, padded to %ld, returning %ld\n",
+ ct_data_length, padded_ct_data_length, msg_data_length);
+ int rc = crypto_box_open(padded_msg_data,
+ padded_ct_data, padded_ct_data_length,
+ nonce_data, pk_data, sk_data);
+ if (rc != 0) {
+ free(padded_ct_data);
+ free(padded_msg_data);
+ return NS_ERROR_FAILURE; // integrity failure
+ }
+
+ uint8_t *msg_data = (uint8_t *)JS_GetArrayBufferViewData(msg_array, cx);
+ memcpy(msg_data, padded_msg_data+crypto_box_ZEROBYTES, msg_data_length);
+
+ free(padded_ct_data);
+ free(padded_msg_data);
+
+ *_retval = OBJECT_TO_JSVAL(msg_array);
+ return NS_OK;
+}
+
+nsNACL::~nsNACL()
+{}
+
diff --git a/security/manager/ssl/src/nsNACL.h b/security/manager/ssl/src/nsNACL.h
new file mode 100644
index 0000000..6027ea4
--- /dev/null
+++ b/security/manager/ssl/src/nsNACL.h
@@ -0,0 +1,24 @@
+
+#ifndef nsNACL_h
+#define nsNACL_h
+
+#include "nsINACL.h"
+
+#define NS_NACL_CONTRACTID "@mozilla.org/nacl;1"
+#define NS_NACL_COMPONENT_CLASSNAME "NACL BABY"
+#define NS_NACL_CID \
+ {0x77fc331b, 0x786c, 0x43b8, {0xb6, 0x06, 0xc5, 0x4d, 0xc0, 0x74, 0xaa, 0x09}}
+
+class nsNACL : public nsINACL
+{
+public:
+ NS_DECL_ISUPPORTS
+ NS_DECL_NSINACL
+ nsNACL();
+private:
+ ~nsNACL();
+};
+
+
+
+#endif
diff --git a/security/manager/ssl/src/nsNSSModule.cpp b/security/manager/ssl/src/nsNSSModule.cpp
index 2972fb7..ded52c3 100644
--- a/security/manager/ssl/src/nsNSSModule.cpp
+++ b/security/manager/ssl/src/nsNSSModule.cpp
@@ -78,6 +78,7 @@
#include "nsSSLStatus.h"
#include "nsNSSIOLayer.h"
#include "NSSErrorsService.h"
+#include "nsNACL.h"
#include "nsNSSVersion.h"
#include "nsXULAppAPI.h"
@@ -248,6 +249,7 @@ NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsKeyObjectFactory)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsDataSignatureVerifier)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsCertOverrideService, Init)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsRandomGenerator)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsNACL)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsRecentBadCertsService, Init)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, nsSSLStatus)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, nsNSSSocketInfo)
@@ -287,6 +289,7 @@ NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECTFACTORY_CID);
NS_DEFINE_NAMED_CID(NS_DATASIGNATUREVERIFIER_CID);
NS_DEFINE_NAMED_CID(NS_CERTOVERRIDE_CID);
NS_DEFINE_NAMED_CID(NS_RANDOMGENERATOR_CID);
+NS_DEFINE_NAMED_CID(NS_NACL_CID);
NS_DEFINE_NAMED_CID(NS_RECENTBADCERTS_CID);
NS_DEFINE_NAMED_CID(NS_SSLSTATUS_CID);
NS_DEFINE_NAMED_CID(NS_NSSSOCKETINFO_CID);
@@ -325,6 +328,7 @@ static const mozilla::Module::CIDEntry kNSSCIDs[] = {
{ &kNS_DATASIGNATUREVERIFIER_CID, false, NULL, nsDataSignatureVerifierConstructor },
{ &kNS_CERTOVERRIDE_CID, false, NULL, nsCertOverrideServiceConstructor },
{ &kNS_RANDOMGENERATOR_CID, false, NULL, nsRandomGeneratorConstructor },
+ { &kNS_NACL_CID, false, NULL, nsNACLConstructor },
{ &kNS_RECENTBADCERTS_CID, false, NULL, nsRecentBadCertsServiceConstructor },
{ &kNS_SSLSTATUS_CID, false, NULL, nsSSLStatusConstructor },
{ &kNS_NSSSOCKETINFO_CID, false, NULL, nsNSSSocketInfoConstructor },
@@ -368,6 +372,7 @@ static const mozilla::Module::ContractIDEntry kNSSContracts[] = {
{ NS_DATASIGNATUREVERIFIER_CONTRACTID, &kNS_DATASIGNATUREVERIFIER_CID },
{ NS_CERTOVERRIDE_CONTRACTID, &kNS_CERTOVERRIDE_CID },
{ NS_RANDOMGENERATOR_CONTRACTID, &kNS_RANDOMGENERATOR_CID },
+ { NS_NACL_CONTRACTID, &kNS_NACL_CID },
{ NS_RECENTBADCERTS_CONTRACTID, &kNS_RECENTBADCERTS_CID },
{ NULL }
};
diff --git a/security/manager/ssl/tests/unit/test_nacl.js b/security/manager/ssl/tests/unit/test_nacl.js
new file mode 100644
index 0000000..f6221d8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_nacl.js
@@ -0,0 +1,61 @@
+let Ci = Components.interfaces;
+let Cc = Components.classes;
+let Cu = Components.utils;
+let Cr = Components.results;
+
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+
+XPCOMUtils.defineLazyGetter(this, "NACL", function () {
+ return Cc["@mozilla.org/nacl;1"].createInstance(Ci.nsINACL);
+});
+
+function NOT_ascii_to_array(s) {
+ let g = new Uint8Array(s.length);
+ for (var i = 0; i < s.length; i++)
+ g[i] = s.charCodeAt(i);
+ return g;
+}
+
+function array_to_ascii(a) {
+ let out = "";
+ for (var i = 0; i < a.length; i++)
+ out = out.concat(String.fromCharCode(a[i]));
+ return out;
+}
+
+const ascii_to_array = NACL.stringToArrayOfUTF8;
+
+function run_test()
+{
+ const a = Uint8Array(10);
+ do_check_eq(NACL.arrayToB64(a), "AAAAAAAAAAAAAA==");
+ const b = NACL.b64ToArray("AAAAAAAAAAAAAA==");
+ do_check_eq(b.length, 10);
+ for (var i = 0; i < 10; i++)
+ do_check_eq(b[i], 0);
+ do_check_eq(array_to_ascii(ascii_to_array("hello")), "hello");
+
+ const c = NACL.stringToArrayOfUTF8("hello");
+ do_check_eq(c.length, 5);
+ do_check_eq(c[0], "hello".charCodeAt(0));
+ do_check_eq(c[4], "hello".charCodeAt(4));
+
+ const decode = NACL.b64ToArray;
+ const encode = NACL.arrayToB64;
+ const alicepk = decode("ekX+MTMT+nh8zER8K8rKfS/6oJM3Nule1dsKJxM1iwk=");
+ const alicesk = decode("8pLYxkj11ektBNBQCalWORniSbrmUcbeZRW/5MSk/cI=");
+ const bobpk = decode("fMienlNy008w96EyGMofLTU0uGSNQS+Y/R6UB8K9gGo=");
+ const bobsk = decode("wEcpKOYLdx5c3ZKVonMJpFFDIbMojQ2HOVHIhUOREoI=");
+
+ let nonce = decode("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
+ const msg = ascii_to_array("hello world");
+ do_check_eq(encode(NACL.box(msg, nonce, bobpk, alicesk)),
+ "Lw610aPtDLO68Eg+z7y9PuLkvx9r4mMHwbTo");
+
+ nonce = decode("AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB"); // 0x010101..
+ const ciphertext = decode("cuKoAvlw/jNJaP8smc3Cq7LpG9UKeuiknKDZVxs=");
+ do_check_eq(array_to_ascii(NACL.box_open(ciphertext, nonce, alicepk,bobsk)),
+ "hi back at ya");
+
+}
+
diff --git a/security/manager/ssl/tests/unit/xpcshell.ini b/security/manager/ssl/tests/unit/xpcshell.ini
index 0dc7801..5a95ad1 100644
--- a/security/manager/ssl/tests/unit/xpcshell.ini
+++ b/security/manager/ssl/tests/unit/xpcshell.ini
@@ -11,3 +11,4 @@ skip-if = os == "android"
[test_hmac.js]
# Bug 676972: test hangs consistently on Android
skip-if = os == "android"
+[test_nacl.js]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment