Sealed Boxes

AUTHORS.md

@@ -1,11 +1,12 @@
 List of TweetNaCl.js authors
 ============================
 
-    Format: Name (GitHub username or URL)
+    Format: Name (GitHub username and URL)
 
-* Dmitry Chestnykh (@dchest)
-* Devi Mandiri (@devi)
-* AndSDev (@AndSDev)
+* Dmitry Chestnykh ([@dchest](https://github.com/dchest))
+* Devi Mandiri ([@devi](https://github.com/devi))
+* Kabir R. ([@CMEONE](https://github.com/CMEONE))
+* AndSDev ([@AndSDev](https://github.com/AndSDev))
 
 List of authors of third-party public domain code from which TweetNaCl.js code was derived
 ==========================================================================================

nacl-fast.js

@@ -2082,6 +2082,9 @@ var crypto_secretbox_KEYBYTES = 32,
     crypto_box_NONCEBYTES = crypto_secretbox_NONCEBYTES,
     crypto_box_ZEROBYTES = crypto_secretbox_ZEROBYTES,
     crypto_box_BOXZEROBYTES = crypto_secretbox_BOXZEROBYTES,
+    crypto_sealedbox_NONCEBYTES = crypto_secretbox_NONCEBYTES,
+    crypto_sealedbox_PUBLICKEYBYTES = 32,
+    crypto_sealedbox_SECRETKEYBYTES = 32,
     crypto_sign_BYTES = 64,
     crypto_sign_PUBLICKEYBYTES = 32,
     crypto_sign_SECRETKEYBYTES = 64,
@@ -2124,6 +2127,9 @@ nacl.lowlevel = {
   crypto_box_NONCEBYTES: crypto_box_NONCEBYTES,
   crypto_box_ZEROBYTES: crypto_box_ZEROBYTES,
   crypto_box_BOXZEROBYTES: crypto_box_BOXZEROBYTES,
+  crypto_sealedbox_NONCEBYTES: crypto_sealedbox_NONCEBYTES,
+  crypto_sealedbox_PUBLICKEYBYTES: crypto_sealedbox_PUBLICKEYBYTES,
+  crypto_sealedbox_SECRETKEYBYTES: crypto_sealedbox_SECRETKEYBYTES,
   crypto_sign_BYTES: crypto_sign_BYTES,
   crypto_sign_PUBLICKEYBYTES: crypto_sign_PUBLICKEYBYTES,
   crypto_sign_SECRETKEYBYTES: crypto_sign_SECRETKEYBYTES,
@@ -2159,6 +2165,12 @@ function checkBoxLengths(pk, sk) {
   if (sk.length !== crypto_box_SECRETKEYBYTES) throw new Error('bad secret key size');
 }
 
+function checkSealedBoxLengths(sk, n, m) {
+  if (sk.length !== crypto_sealedbox_SECRETKEYBYTES) throw new Error('bad secret key size');
+  if (n.length !== crypto_sealedbox_NONCEBYTES) throw new Error('bad nonce size');
+  if (m.length <= crypto_sealedbox_PUBLICKEYBYTES) throw new Error('bad message size');
+}
+
 function checkArrayTypes() {
   for (var i = 0; i < arguments.length; i++) {
     if (!(arguments[i] instanceof Uint8Array))
@@ -2265,6 +2277,33 @@ nacl.box.sharedKeyLength = crypto_box_BEFORENMBYTES;
 nacl.box.nonceLength = crypto_box_NONCEBYTES;
 nacl.box.overheadLength = nacl.secretbox.overheadLength;
 
+nacl.sealedbox = function(msg, nonce, publicKey) {
+  checkArrayTypes(msg, nonce, publicKey);
+  checkLengths(publicKey, nonce);
+  var ekp = nacl.box.keyPair();
+  var box = nacl.box(msg, nonce, publicKey, ekp.secretKey);
+  for (var i = 0; i < ekp.secretKey.length; i++) ekp.secretKey[i] = 0;
+  var m = new Uint8Array(ekp.publicKey.length + box.length);
+  for (var i = 0; i < ekp.publicKey.length; i++) m[i] = ekp.publicKey[i];
+  for (var i = 0; i < box.length; i++) m[ekp.publicKey.length + i] = box[i];
+  return m;
+}
+
+nacl.sealedbox.open = function(msg, nonce, secretKey) {
+  checkArrayTypes(msg, nonce, secretKey);
+  checkSealedBoxLengths(secretKey, nonce, msg);
+  var epk = new Uint8Array(crypto_box_PUBLICKEYBYTES);
+  for (var i = 0; i < epk.length; i++) epk[i] = msg[i];
+  var m = new Uint8Array(msg.length - crypto_box_PUBLICKEYBYTES);
+  for (var i = 0; i < m.length; i++) m[i] = msg[crypto_box_PUBLICKEYBYTES + i];
+  return nacl.box.open(m, nonce, epk, secretKey);
+}
+
+nacl.sealedbox.publicKeyLength = crypto_sealedbox_PUBLICKEYBYTES;
+nacl.sealedbox.secretKeyLength = crypto_sealedbox_SECRETKEYBYTES;
+nacl.sealedbox.nonceLength = crypto_sealedbox_NONCEBYTES;
+nacl.sealedbox.overheadLength = nacl.box.overheadLength + crypto_sealedbox_PUBLICKEYBYTES;
+
 nacl.sign = function(msg, secretKey) {
   checkArrayTypes(msg, secretKey);
   if (secretKey.length !== crypto_sign_SECRETKEYBYTES)

nacl.js

@@ -869,6 +869,9 @@ var crypto_secretbox_KEYBYTES = 32,
     crypto_box_NONCEBYTES = crypto_secretbox_NONCEBYTES,
     crypto_box_ZEROBYTES = crypto_secretbox_ZEROBYTES,
     crypto_box_BOXZEROBYTES = crypto_secretbox_BOXZEROBYTES,
+    crypto_sealedbox_NONCEBYTES = crypto_secretbox_NONCEBYTES,
+    crypto_sealedbox_PUBLICKEYBYTES = 32,
+    crypto_sealedbox_SECRETKEYBYTES = 32,
     crypto_sign_BYTES = 64,
     crypto_sign_PUBLICKEYBYTES = 32,
     crypto_sign_SECRETKEYBYTES = 64,
@@ -911,6 +914,9 @@ nacl.lowlevel = {
   crypto_box_NONCEBYTES: crypto_box_NONCEBYTES,
   crypto_box_ZEROBYTES: crypto_box_ZEROBYTES,
   crypto_box_BOXZEROBYTES: crypto_box_BOXZEROBYTES,
+  crypto_sealedbox_NONCEBYTES: crypto_sealedbox_NONCEBYTES,
+  crypto_sealedbox_PUBLICKEYBYTES: crypto_sealedbox_PUBLICKEYBYTES,
+  crypto_sealedbox_SECRETKEYBYTES: crypto_sealedbox_SECRETKEYBYTES,
   crypto_sign_BYTES: crypto_sign_BYTES,
   crypto_sign_PUBLICKEYBYTES: crypto_sign_PUBLICKEYBYTES,
   crypto_sign_SECRETKEYBYTES: crypto_sign_SECRETKEYBYTES,
@@ -946,6 +952,12 @@ function checkBoxLengths(pk, sk) {
   if (sk.length !== crypto_box_SECRETKEYBYTES) throw new Error('bad secret key size');
 }
 
+function checkSealedBoxLengths(sk, n, m) {
+  if (sk.length !== crypto_sealedbox_SECRETKEYBYTES) throw new Error('bad secret key size');
+  if (n.length !== crypto_sealedbox_NONCEBYTES) throw new Error('bad nonce size');
+  if (m.length <= crypto_sealedbox_PUBLICKEYBYTES) throw new Error('bad message size');
+}
+
 function checkArrayTypes() {
   for (var i = 0; i < arguments.length; i++) {
     if (!(arguments[i] instanceof Uint8Array))
@@ -1052,6 +1064,33 @@ nacl.box.sharedKeyLength = crypto_box_BEFORENMBYTES;
 nacl.box.nonceLength = crypto_box_NONCEBYTES;
 nacl.box.overheadLength = nacl.secretbox.overheadLength;
 
+nacl.sealedbox = function(msg, nonce, publicKey) {
+  checkArrayTypes(msg, nonce, publicKey);
+  checkLengths(publicKey, nonce);
+  var ekp = nacl.box.keyPair();
+  var box = nacl.box(msg, nonce, publicKey, ekp.secretKey);
+  for (var i = 0; i < ekp.secretKey.length; i++) ekp.secretKey[i] = 0;
+  var m = new Uint8Array(ekp.publicKey.length + box.length);
+  for (var i = 0; i < ekp.publicKey.length; i++) m[i] = ekp.publicKey[i];
+  for (var i = 0; i < box.length; i++) m[ekp.publicKey.length + i] = box[i];
+  return m;
+}
+
+nacl.sealedbox.open = function(msg, nonce, secretKey) {
+  checkArrayTypes(msg, nonce, secretKey);
+  checkSealedBoxLengths(secretKey, nonce, msg);
+  var epk = new Uint8Array(crypto_box_PUBLICKEYBYTES);
+  for (var i = 0; i < epk.length; i++) epk[i] = msg[i];
+  var m = new Uint8Array(msg.length - crypto_box_PUBLICKEYBYTES);
+  for (var i = 0; i < m.length; i++) m[i] = msg[crypto_box_PUBLICKEYBYTES + i];
+  return nacl.box.open(m, nonce, epk, secretKey);
+}
+
+nacl.sealedbox.publicKeyLength = crypto_sealedbox_PUBLICKEYBYTES;
+nacl.sealedbox.secretKeyLength = crypto_sealedbox_SECRETKEYBYTES;
+nacl.sealedbox.nonceLength = crypto_sealedbox_NONCEBYTES;
+nacl.sealedbox.overheadLength = nacl.box.overheadLength + crypto_sealedbox_PUBLICKEYBYTES;
+
 nacl.sign = function(msg, secretKey) {
   checkArrayTypes(msg, secretKey);
   if (secretKey.length !== crypto_sign_SECRETKEYBYTES)