Adjust comments

Author: paulmillr

src/_arx.ts

@@ -49,6 +49,7 @@ const sigma32 = _utf8ToBytes('expand 32-byte k');
 const sigma16_32 = u32(sigma16);
 const sigma32_32 = u32(sigma32);
 
+/** Rotate left. */
 export function rotl(a: number, b: number): number {
   return (a << b) | (a >>> (32 - b));
 }

src/_micro.ts

@@ -174,7 +174,7 @@ export const chacha20: XorStream = /* @__PURE__ */ createCipher(chachaCore, {
   counterLength: 4,
 });
 
-/** xchacha20 eXtended-nonce. https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha */
+/** xchacha20 eXtended-nonce. See [IRTF draft](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha) */
 export const xchacha20: XorStream = /* @__PURE__ */ createCipher(chachaCore, {
   counterRight: false,
   counterLength: 8,

src/aes.ts

@@ -676,7 +676,7 @@ const limit = (name: string, min: number, max: number) => (value: number) => {
  * AES-GCM-SIV: classic AES-GCM with nonce-misuse resistance.
  * Guarantees that, when a nonce is repeated, the only security loss is that identical
  * plaintexts will produce identical ciphertexts.
- * RFC 8452, https://datatracker.ietf.org/doc/html/rfc8452
+ * See [RFC 8452](https://datatracker.ietf.org/doc/html/rfc8452).
  */
 export const gcmsiv: ((key: Uint8Array, nonce: Uint8Array, AAD?: Uint8Array) => Cipher) & {
   blockSize: number;

src/chacha.ts

@@ -175,7 +175,7 @@ export const chacha20: XorStream = /* @__PURE__ */ createCipher(chachaCore, {
 /**
  * XChaCha eXtended-nonce ChaCha. 24-byte nonce.
  * With 24-byte nonce, it's safe to use fill it with random (CSPRNG).
- * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha
+ * See [IRTF draft](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha).
  */
 export const xchacha20: XorStream = /* @__PURE__ */ createCipher(chachaCore, {
   counterRight: false,
@@ -232,9 +232,7 @@ function computeTag(
 /**
  * AEAD algorithm from RFC 8439.
  * Salsa20 and chacha (RFC 8439) use poly1305 differently.
- * We could have composed them similar to:
- * https://github.com/paulmillr/scure-base/blob/b266c73dde977b1dd7ef40ef7a23cc15aab526b3/index.ts#L250
- * But it's hard because of authKey:
+ * We could have composed them, but it's hard because of authKey:
  * In salsa20, authKey changes position in salsa stream.
  * In chacha, authKey can't be computed inside computeTag, it modifies the counter.
  */

src/webcrypto.ts

@@ -12,6 +12,11 @@
 import { crypto } from '@noble/ciphers/crypto';
 import { abytes, anumber, type AsyncCipher, type Cipher, concatBytes } from './utils.ts';
 
+function getWebcryptoSubtle(): any {
+  if (crypto && typeof crypto.subtle === 'object' && crypto.subtle != null) return crypto.subtle;
+  throw new Error('crypto.subtle must be defined');
+}
+
 /**
  * Secure PRNG. Uses `crypto.getRandomValues`, which defers to OS.
  */
@@ -26,11 +31,6 @@ export function randomBytes(bytesLength = 32): Uint8Array {
   throw new Error('crypto.getRandomValues must be defined');
 }
 
-export function getWebcryptoSubtle(): any {
-  if (crypto && typeof crypto.subtle === 'object' && crypto.subtle != null) return crypto.subtle;
-  throw new Error('crypto.subtle must be defined');
-}
-
 type RemoveNonceInner<T extends any[], Ret> = ((...args: T) => Ret) extends (
   arg0: any,
   arg1: any,
@@ -76,8 +76,10 @@ export function managedNonce<T extends CipherWithNonce>(fn: T): RemoveNonce<T> {
   })) as RemoveNonce<T>;
 }
 
-// Overridable
-// @TODO
+/**
+ * Internal webcrypto utils. Can be overridden of crypto.subtle is not present,
+ * for example in React Native.
+ */
 export const utils: {
   encrypt: (key: Uint8Array, ...all: any[]) => Promise<Uint8Array>;
   decrypt: (key: Uint8Array, ...all: any[]) => Promise<Uint8Array>;