Fixed a bug in the fast version of Poly1305 and brought it back.
Thanks to @floodyberry for promptly responding and fixing the original C code:
"The issue was not properly detecting if st->h was >= 2^130 - 5, coupled with [testing mistake] not catching the failure. The chance of the bug affecting anything in the real world is essentially zero luckily, but it's good to have it fixed."
https://github.com/floodyberry/poly1305-donna/issues/2#issuecomment-202698577
Switched Poly1305 fast version back to original (slow) version due to a bug.
No code changes, just tweaked packaging and added COPYING.txt.
Breaking change! All functions from nacl.util
have been removed. These
functions are no longer available:
nacl.util.decodeUTF8
nacl.util.encodeUTF8
nacl.util.decodeBase64
nacl.util.encodeBase64
If want to continue using them, you can include https://github.com/dchest/tweetnacl-util-js package:
<script src="nacl.min.js"></script>
<script src="nacl-util.min.js"></script>
or
var nacl = require('tweetnacl');
nacl.util = require('tweetnacl-util');
However it is recommended to use better packages that have wider
compatibility and better performance. Functions from nacl.util
were never
intended to be robust solution for string conversion and were included for
convenience: cryptography library is not the right place for them.
Currently calling these functions will throw error pointing to
tweetnacl-util-js
(in the next version this error message will be removed).
Improved detection of available random number generators, making it possible
to use nacl.randomBytes
and related functions in Web Workers without
changes.
Changes to testing (see README).
No code changes.
Reverted license field in package.json to "Public domain".
Fixed typo in README.
Fixed undefined variable bug in fast version of Poly1305. No worries, this bug was never triggered.
Specified CC0 public domain dedication.
Updated development dependencies.
crypto
and buffer
modules from browserify builds.Made nacl-fast
the default version in NPM package. Now
require("tweetnacl")
will use fast version; to get the original version,
use require("tweetnacl/nacl.js")
.
Cleanup temporary array after generating random bytes.
nacl.scalarMult
, nacl.box
,
nacl.sign
and related functions up to 3x faster in nacl-fast
version.nacl-fast
version.nacl.box.keyPair.fromSecretKey
and
nacl.sign.keyPair.fromSecretKey
.nacl.sign.seedLength
.nacl-fast
).Implement nacl.sign.keyPair.fromSeed
to enable creation of sign key pairs
deterministically from a 32-byte seed. (It behaves like
libsodium's
crypto_sign_seed_keypair
: the seed becomes a secret part of the secret key.)
Fast version now has an improved hash implementation that is 2x-5x faster.
Fixed benchmarks, which may have produced incorrect measurements.
nacl.lowlevel.crypto_core_hsalsa20
.nacl.sign
and nacl.sign.open
now deal
with signed messages, and new nacl.sign.detached
and
nacl.sign.detached.verify
are available.Previously, nacl.sign
returned a signature, and nacl.sign.open
accepted a
message and "detached" signature. This was unlike NaCl's API, which dealt with
signed messages (concatenation of signature and message).
The new API is:
nacl.sign(message, secretKey) -> signedMessage
nacl.sign.open(signedMessage, publicKey) -> message | null
Since detached signatures are common, two new API functions were introduced:
nacl.sign.detached(message, secretKey) -> signature
nacl.sign.detached.verify(message, signature, publicKey) -> true | false
(Note that it's verify
, not open
, and it returns a boolean value, unlike
open
, which returns an "unsigned" message.)
test
directory to keep it small.