salty-crypto
Advanced tools
Comparing version 0.0.5 to 0.1.0
@@ -1,82 +0,76 @@ | ||
declare const AEAD_CHACHA20_POLY1305_KEYBYTES = 32; | ||
declare const AEAD_CHACHA20_POLY1305_NONCEBYTES = 12; | ||
declare const AEAD_CHACHA20_POLY1305_TAGBYTES = 16; | ||
declare function aead_encrypt_detached(plaintext: Uint8Array, ciphertext: Uint8Array, messagelength: number, tag: Uint8Array, key: DataView, nonce: DataView, associated_data?: Uint8Array): void; | ||
declare function aead_encrypt(plaintext: Uint8Array, key: DataView, nonce: DataView, associated_data?: Uint8Array): Uint8Array; | ||
declare function aead_decrypt_detached(plaintext: Uint8Array, ciphertext: Uint8Array, messagelength: number, expected_tag: Uint8Array, key: DataView, nonce: DataView, associated_data?: Uint8Array): boolean; | ||
declare class AuthenticationFailure extends Error { | ||
declare class Nonce { | ||
lo: number; | ||
hi: number; | ||
extra: number; | ||
constructor(lo?: number, hi?: number, extra?: number); | ||
increment(): void; | ||
reset(lo?: number, hi?: number, extra?: number): void; | ||
static get MAX(): Nonce; | ||
} | ||
declare function aead_decrypt(ciphertextAndTag: Uint8Array, key: DataView, nonce: DataView, associated_data?: Uint8Array): Uint8Array; | ||
declare const aead_d_AEAD_CHACHA20_POLY1305_KEYBYTES: typeof AEAD_CHACHA20_POLY1305_KEYBYTES; | ||
declare const aead_d_AEAD_CHACHA20_POLY1305_NONCEBYTES: typeof AEAD_CHACHA20_POLY1305_NONCEBYTES; | ||
declare const aead_d_AEAD_CHACHA20_POLY1305_TAGBYTES: typeof AEAD_CHACHA20_POLY1305_TAGBYTES; | ||
type aead_d_AuthenticationFailure = AuthenticationFailure; | ||
declare const aead_d_AuthenticationFailure: typeof AuthenticationFailure; | ||
declare const aead_d_aead_decrypt: typeof aead_decrypt; | ||
declare const aead_d_aead_decrypt_detached: typeof aead_decrypt_detached; | ||
declare const aead_d_aead_encrypt: typeof aead_encrypt; | ||
declare const aead_d_aead_encrypt_detached: typeof aead_encrypt_detached; | ||
declare namespace aead_d { | ||
declare const ChaCha20Poly1305_RFC8439: AEAD; | ||
declare const chacha20poly1305_ChaCha20Poly1305_RFC8439: typeof ChaCha20Poly1305_RFC8439; | ||
declare namespace chacha20poly1305 { | ||
export { | ||
aead_d_AEAD_CHACHA20_POLY1305_KEYBYTES as AEAD_CHACHA20_POLY1305_KEYBYTES, | ||
aead_d_AEAD_CHACHA20_POLY1305_NONCEBYTES as AEAD_CHACHA20_POLY1305_NONCEBYTES, | ||
aead_d_AEAD_CHACHA20_POLY1305_TAGBYTES as AEAD_CHACHA20_POLY1305_TAGBYTES, | ||
aead_d_AuthenticationFailure as AuthenticationFailure, | ||
aead_d_aead_decrypt as aead_decrypt, | ||
aead_d_aead_decrypt_detached as aead_decrypt_detached, | ||
aead_d_aead_encrypt as aead_encrypt, | ||
aead_d_aead_encrypt_detached as aead_encrypt_detached, | ||
chacha20poly1305_ChaCha20Poly1305_RFC8439 as ChaCha20Poly1305_RFC8439, | ||
}; | ||
} | ||
declare class BLAKE2s { | ||
outlen: number; | ||
static readonly KEYBYTES = 32; | ||
static readonly OUTBYTES = 32; | ||
static readonly BLOCKLEN = 64; | ||
b: Uint8Array; | ||
bv: DataView; | ||
h: Uint32Array; | ||
t: Uint32Array; | ||
c: number; | ||
static digest(input: Uint8Array, outlen?: number, key?: Uint8Array): Uint8Array; | ||
constructor(outlen?: number, key?: Uint8Array); | ||
update(input: Uint8Array): void; | ||
final(output?: Uint8Array): Uint8Array; | ||
compress(last: boolean): void; | ||
declare class AuthenticationFailure extends Error { | ||
} | ||
interface AEAD { | ||
readonly NAME: string; | ||
readonly KEYBYTES: number; | ||
readonly NONCEBYTES: number; | ||
readonly TAGBYTES: number; | ||
encrypt_detached(plaintext: Uint8Array, ciphertext: Uint8Array, messagelength: number, tag: Uint8Array, key: DataView, nonce: Nonce, associated_data?: Uint8Array): void; | ||
encrypt(plaintext: Uint8Array, key: DataView, nonce: Nonce, associated_data?: Uint8Array): Uint8Array; | ||
decrypt_detached(plaintext: Uint8Array, ciphertext: Uint8Array, messagelength: number, expected_tag: Uint8Array, key: DataView, nonce: Nonce, associated_data?: Uint8Array): boolean; | ||
decrypt(ciphertextAndTag: Uint8Array, key: DataView, nonce: Nonce, associated_data?: Uint8Array): Uint8Array; | ||
} | ||
declare function _encrypt(this: AEAD, plaintext: Uint8Array, key: DataView, nonce: Nonce, associated_data?: Uint8Array): Uint8Array; | ||
declare function _decrypt(this: AEAD, ciphertextAndTag: Uint8Array, key: DataView, nonce: Nonce, associated_data?: Uint8Array): Uint8Array; | ||
type blake2_d_BLAKE2s = BLAKE2s; | ||
declare const blake2_d_BLAKE2s: typeof BLAKE2s; | ||
declare namespace blake2_d { | ||
declare function equal(x: Uint8Array, y: Uint8Array, n: number): boolean; | ||
declare function xor(a: Uint8Array, b: Uint8Array): Uint8Array; | ||
declare function append(a: Uint8Array, b: Uint8Array): Uint8Array; | ||
declare const EMPTY: Uint8Array; | ||
declare const bytes_d_EMPTY: typeof EMPTY; | ||
declare const bytes_d_append: typeof append; | ||
declare const bytes_d_equal: typeof equal; | ||
declare const bytes_d_xor: typeof xor; | ||
declare namespace bytes_d { | ||
export { | ||
blake2_d_BLAKE2s as BLAKE2s, | ||
bytes_d_EMPTY as EMPTY, | ||
bytes_d_append as append, | ||
bytes_d_equal as equal, | ||
bytes_d_xor as xor, | ||
}; | ||
} | ||
declare const CHACHA20_KEYBYTES = 32; | ||
declare const CHACHA20_NONCEBYTES = 12; | ||
declare const CHACHA20_BLOCKBYTES = 64; | ||
declare function chacha20_quarter_round(s: Uint32Array, a: number, b: number, c: number, d: number): void; | ||
declare function chacha20_block(key: DataView, block: number, nonce: DataView): Uint32Array; | ||
declare function chacha20(key: DataView, nonce: DataView, input: Uint8Array, output: Uint8Array, initial_counter?: number, messagelength?: number): void; | ||
declare const ChaCha20: StreamCipher; | ||
declare const chacha20_d_CHACHA20_BLOCKBYTES: typeof CHACHA20_BLOCKBYTES; | ||
declare const chacha20_d_CHACHA20_KEYBYTES: typeof CHACHA20_KEYBYTES; | ||
declare const chacha20_d_CHACHA20_NONCEBYTES: typeof CHACHA20_NONCEBYTES; | ||
declare const chacha20_d_chacha20: typeof chacha20; | ||
declare const chacha20_d_chacha20_block: typeof chacha20_block; | ||
declare const chacha20_d_chacha20_quarter_round: typeof chacha20_quarter_round; | ||
declare namespace chacha20_d { | ||
declare const chacha20_ChaCha20: typeof ChaCha20; | ||
declare const chacha20_chacha20_block: typeof chacha20_block; | ||
declare const chacha20_chacha20_quarter_round: typeof chacha20_quarter_round; | ||
declare namespace chacha20 { | ||
export { | ||
chacha20_d_CHACHA20_BLOCKBYTES as CHACHA20_BLOCKBYTES, | ||
chacha20_d_CHACHA20_KEYBYTES as CHACHA20_KEYBYTES, | ||
chacha20_d_CHACHA20_NONCEBYTES as CHACHA20_NONCEBYTES, | ||
chacha20_d_chacha20 as chacha20, | ||
chacha20_d_chacha20_block as chacha20_block, | ||
chacha20_d_chacha20_quarter_round as chacha20_quarter_round, | ||
chacha20_ChaCha20 as ChaCha20, | ||
chacha20_chacha20_block as chacha20_block, | ||
chacha20_chacha20_quarter_round as chacha20_quarter_round, | ||
}; | ||
} | ||
interface StreamCipher { | ||
readonly NAME: string; | ||
readonly KEYBYTES: number; | ||
readonly NONCEBYTES: number; | ||
readonly BLOCKBYTES: number; | ||
stream_xor(key: DataView, nonce: Nonce, input: Uint8Array, output: Uint8Array, initial_counter?: number, messagelength?: number): void; | ||
} | ||
type DHKeyPair = { | ||
@@ -86,44 +80,123 @@ public: Uint8Array; | ||
}; | ||
declare class Nonce { | ||
lo: number; | ||
hi: number; | ||
constructor(lo?: number, hi?: number); | ||
increment(): void; | ||
reset(lo?: number, hi?: number): void; | ||
static get MAX(): Nonce; | ||
interface DH { | ||
readonly NAME: string; | ||
readonly DHLEN: number; | ||
generateKeypair(): DHKeyPair; | ||
dh(kp: DHKeyPair, pk: Uint8Array): Uint8Array; | ||
} | ||
declare function bytesXor(a: Uint8Array, b: Uint8Array): Uint8Array; | ||
declare function bytesAppend(a: Uint8Array, b: Uint8Array): Uint8Array; | ||
type HMAC = (key: Uint8Array, data: Uint8Array) => Uint8Array; | ||
declare abstract class NoiseProtocolAlgorithms { | ||
readonly dhlen: number; | ||
readonly hmac: HMAC; | ||
constructor(hmac?: HMAC); | ||
abstract dhName(): string; | ||
abstract generateKeypair(): DHKeyPair; | ||
abstract dh(kp: DHKeyPair, pk: Uint8Array): Uint8Array; | ||
abstract cipherName(): string; | ||
abstract encrypt(key: DataView, nonce: Nonce, p: Uint8Array, associated_data?: Uint8Array): Uint8Array; | ||
abstract decrypt(key: DataView, nonce: Nonce, c: Uint8Array, associated_data?: Uint8Array): Uint8Array; | ||
abstract hashName(): string; | ||
abstract hash(data: Uint8Array): Uint8Array; | ||
abstract hashBlocklen(): number; | ||
rekey(k: DataView): DataView; | ||
_padOrHash(bs0: Uint8Array, len: number): Uint8Array; | ||
hkdf(chainingKey: Uint8Array, input: Uint8Array, numOutputs: 2): [Uint8Array, Uint8Array]; | ||
hkdf(chainingKey: Uint8Array, input: Uint8Array, numOutputs: 3): [Uint8Array, Uint8Array, Uint8Array]; | ||
matchingPattern(protocol_name: string): string | null; | ||
declare const X25519: DH; | ||
declare const BLAKE2s: { | ||
new (key?: Uint8Array, outlen?: number): { | ||
b: Uint8Array; | ||
bv: DataView; | ||
h: Uint32Array; | ||
t: Uint32Array; | ||
c: number; | ||
outlen: number; | ||
update(input: Uint8Array, offset?: number, length?: number): void; | ||
final(output?: Uint8Array): Uint8Array; | ||
compress(last: boolean): void; | ||
}; | ||
readonly NAME: "BLAKE2s"; | ||
readonly KEYBYTES: 32; | ||
readonly OUTBYTES: 32; | ||
readonly BLOCKLEN: 64; | ||
digest(input: Uint8Array, key?: Uint8Array, outlen?: number): Uint8Array; | ||
}; | ||
declare const blake2s_BLAKE2s: typeof BLAKE2s; | ||
declare namespace blake2s { | ||
export { | ||
blake2s_BLAKE2s as BLAKE2s, | ||
}; | ||
} | ||
interface HandshakePattern { | ||
name: string; | ||
baseName: string; | ||
messages: Token[][]; | ||
initiatorPreMessage: PreMessage; | ||
responderPreMessage: PreMessage; | ||
declare const Poly1305: { | ||
new (key?: Uint8Array, outlen?: number): { | ||
buffer: Uint8Array; | ||
r: Uint16Array; | ||
h: Uint16Array; | ||
pad: Uint16Array; | ||
leftover: number; | ||
fin: number; | ||
blocks(m: Uint8Array, mpos: number, bytes: number): void; | ||
final(mac?: Uint8Array): Uint8Array; | ||
update(m: Uint8Array, mpos?: number, bytes?: number): void; | ||
}; | ||
readonly NAME: "Poly1305"; | ||
readonly KEYBYTES: 32; | ||
readonly OUTBYTES: 16; | ||
readonly BLOCKLEN: 16; | ||
digest(input: Uint8Array, key?: Uint8Array, outlen?: number): Uint8Array; | ||
}; | ||
declare const poly1305_Poly1305: typeof Poly1305; | ||
declare namespace poly1305 { | ||
export { | ||
poly1305_Poly1305 as Poly1305, | ||
}; | ||
} | ||
interface Hash { | ||
readonly NAME: string; | ||
readonly KEYBYTES: number; | ||
readonly OUTBYTES: number; | ||
readonly BLOCKLEN: number; | ||
digest(input: Uint8Array, key?: Uint8Array, outlen?: number): Uint8Array; | ||
new (key?: Uint8Array, outlen?: number): HashAlgorithm; | ||
} | ||
interface HashAlgorithm { | ||
update(input: Uint8Array, offset?: number, length?: number): void; | ||
final(output?: Uint8Array): Uint8Array; | ||
} | ||
type HMAC = { | ||
(key: Uint8Array, data: Uint8Array): Uint8Array; | ||
readonly NAME: string; | ||
}; | ||
declare function makeHMAC(hash: Hash): HMAC; | ||
type HKDF = { | ||
(chainingKey: Uint8Array, input: Uint8Array, numOutputs: 2): [Uint8Array, Uint8Array]; | ||
(chainingKey: Uint8Array, input: Uint8Array, numOutputs: 3): [Uint8Array, Uint8Array, Uint8Array]; | ||
}; | ||
declare function makeHKDF(hmac: HMAC): HKDF; | ||
type Rekey = (k: DataView) => DataView; | ||
declare function makeRekey(aead: AEAD): Rekey; | ||
type rekey_Rekey = Rekey; | ||
declare const rekey_makeRekey: typeof makeRekey; | ||
declare namespace rekey { | ||
export { | ||
rekey_Rekey as Rekey, | ||
rekey_makeRekey as makeRekey, | ||
}; | ||
} | ||
interface Algorithms { | ||
dh: DH; | ||
aead: AEAD; | ||
hash: Hash; | ||
hmac?: HMAC; | ||
hkdf?: HKDF; | ||
rekey?: Rekey; | ||
} | ||
declare function matchPattern(a: Algorithms, protocol_name: string): string | null; | ||
type algorithms_Algorithms = Algorithms; | ||
declare const algorithms_matchPattern: typeof matchPattern; | ||
declare namespace algorithms { | ||
export { | ||
algorithms_Algorithms as Algorithms, | ||
algorithms_matchPattern as matchPattern, | ||
}; | ||
} | ||
declare class CipherState { | ||
algorithms: NoiseProtocolAlgorithms; | ||
algorithms: Algorithms; | ||
view: DataView | null; | ||
nonce: Nonce; | ||
constructor(algorithms: NoiseProtocolAlgorithms, key?: Uint8Array); | ||
constructor(algorithms: Algorithms, key?: Uint8Array); | ||
encrypt(plaintext: Uint8Array, associated_data?: Uint8Array): Uint8Array; | ||
@@ -133,4 +206,51 @@ decrypt(ciphertext: Uint8Array, associated_data?: Uint8Array): Uint8Array; | ||
} | ||
type cipherstate_CipherState = CipherState; | ||
declare const cipherstate_CipherState: typeof CipherState; | ||
declare namespace cipherstate { | ||
export { | ||
cipherstate_CipherState as CipherState, | ||
}; | ||
} | ||
type KeyTransferToken = 'e' | 's'; | ||
type KeyMixToken = 'ee' | 'es' | 'se' | 'ss' | 'psk'; | ||
type Token = KeyTransferToken | KeyMixToken; | ||
type PreMessage = ['e'] | ['s'] | ['e', 's'] | []; | ||
interface HandshakePattern { | ||
name: string; | ||
baseName: string; | ||
messages: Token[][]; | ||
initiatorPreMessage: PreMessage; | ||
responderPreMessage: PreMessage; | ||
} | ||
declare const PATTERNS: { | ||
[key: string]: HandshakePattern; | ||
}; | ||
declare function isOneWay(pat: HandshakePattern): boolean; | ||
declare function lookupPattern(name: string): HandshakePattern | null; | ||
type patterns_HandshakePattern = HandshakePattern; | ||
type patterns_KeyMixToken = KeyMixToken; | ||
type patterns_KeyTransferToken = KeyTransferToken; | ||
declare const patterns_PATTERNS: typeof PATTERNS; | ||
type patterns_PreMessage = PreMessage; | ||
type patterns_Token = Token; | ||
declare const patterns_isOneWay: typeof isOneWay; | ||
declare const patterns_lookupPattern: typeof lookupPattern; | ||
declare namespace patterns { | ||
export { | ||
patterns_HandshakePattern as HandshakePattern, | ||
patterns_KeyMixToken as KeyMixToken, | ||
patterns_KeyTransferToken as KeyTransferToken, | ||
patterns_PATTERNS as PATTERNS, | ||
patterns_PreMessage as PreMessage, | ||
patterns_Token as Token, | ||
patterns_isOneWay as isOneWay, | ||
patterns_lookupPattern as lookupPattern, | ||
}; | ||
} | ||
type Role = 'initiator' | 'responder'; | ||
type NoiseProtocolOptions = { | ||
type HandshakeOptions = { | ||
prologue?: Uint8Array; | ||
@@ -143,6 +263,2 @@ staticKeypair?: DHKeyPair; | ||
}; | ||
type KeyTransferToken = 'e' | 's'; | ||
type KeyMixToken = 'ee' | 'es' | 'se' | 'ss' | 'psk'; | ||
type Token = KeyTransferToken | KeyMixToken; | ||
type PreMessage = ['e'] | ['s'] | ['e', 's'] | []; | ||
type TransportState = { | ||
@@ -152,4 +268,4 @@ send: CipherState; | ||
}; | ||
declare class NoiseHandshake { | ||
algorithms: NoiseProtocolAlgorithms; | ||
declare class Handshake { | ||
algorithms: Algorithms; | ||
pattern: HandshakePattern; | ||
@@ -166,3 +282,4 @@ role: Role; | ||
handshakeHash: Uint8Array; | ||
constructor(algorithms: NoiseProtocolAlgorithms, pattern: HandshakePattern, role: Role, options?: NoiseProtocolOptions); | ||
hkdf: HKDF; | ||
constructor(algorithms: Algorithms, pattern: HandshakePattern, role: Role, options?: HandshakeOptions); | ||
get isInitiator(): boolean; | ||
@@ -188,119 +305,28 @@ mixHash(data: Uint8Array): void; | ||
type noise_d_CipherState = CipherState; | ||
declare const noise_d_CipherState: typeof CipherState; | ||
type noise_d_DHKeyPair = DHKeyPair; | ||
type noise_d_HMAC = HMAC; | ||
type noise_d_HandshakePattern = HandshakePattern; | ||
type noise_d_KeyMixToken = KeyMixToken; | ||
type noise_d_KeyTransferToken = KeyTransferToken; | ||
type noise_d_NoiseHandshake = NoiseHandshake; | ||
declare const noise_d_NoiseHandshake: typeof NoiseHandshake; | ||
type noise_d_NoiseProtocolAlgorithms = NoiseProtocolAlgorithms; | ||
declare const noise_d_NoiseProtocolAlgorithms: typeof NoiseProtocolAlgorithms; | ||
type noise_d_NoiseProtocolOptions = NoiseProtocolOptions; | ||
type noise_d_Nonce = Nonce; | ||
declare const noise_d_Nonce: typeof Nonce; | ||
type noise_d_PreMessage = PreMessage; | ||
type noise_d_Role = Role; | ||
type noise_d_Token = Token; | ||
type noise_d_TransportState = TransportState; | ||
declare const noise_d_bytesAppend: typeof bytesAppend; | ||
declare const noise_d_bytesXor: typeof bytesXor; | ||
declare namespace noise_d { | ||
type handshake_Handshake = Handshake; | ||
declare const handshake_Handshake: typeof Handshake; | ||
type handshake_HandshakeOptions = HandshakeOptions; | ||
type handshake_Role = Role; | ||
type handshake_TransportState = TransportState; | ||
declare namespace handshake { | ||
export { | ||
noise_d_CipherState as CipherState, | ||
noise_d_DHKeyPair as DHKeyPair, | ||
noise_d_HMAC as HMAC, | ||
noise_d_HandshakePattern as HandshakePattern, | ||
noise_d_KeyMixToken as KeyMixToken, | ||
noise_d_KeyTransferToken as KeyTransferToken, | ||
noise_d_NoiseHandshake as NoiseHandshake, | ||
noise_d_NoiseProtocolAlgorithms as NoiseProtocolAlgorithms, | ||
noise_d_NoiseProtocolOptions as NoiseProtocolOptions, | ||
noise_d_Nonce as Nonce, | ||
noise_d_PreMessage as PreMessage, | ||
noise_d_Role as Role, | ||
noise_d_Token as Token, | ||
noise_d_TransportState as TransportState, | ||
noise_d_bytesAppend as bytesAppend, | ||
noise_d_bytesXor as bytesXor, | ||
handshake_Handshake as Handshake, | ||
handshake_HandshakeOptions as HandshakeOptions, | ||
handshake_Role as Role, | ||
handshake_TransportState as TransportState, | ||
}; | ||
} | ||
declare const PATTERNS: { | ||
[key: string]: HandshakePattern; | ||
}; | ||
declare function isOneWay(pat: HandshakePattern): boolean; | ||
declare function lookupPattern(name: string): HandshakePattern | null; | ||
declare const Noise_25519_ChaChaPoly_BLAKE2s: Algorithms; | ||
declare const patterns_d_PATTERNS: typeof PATTERNS; | ||
declare const patterns_d_isOneWay: typeof isOneWay; | ||
declare const patterns_d_lookupPattern: typeof lookupPattern; | ||
declare namespace patterns_d { | ||
declare const profiles_Noise_25519_ChaChaPoly_BLAKE2s: typeof Noise_25519_ChaChaPoly_BLAKE2s; | ||
declare namespace profiles { | ||
export { | ||
patterns_d_PATTERNS as PATTERNS, | ||
patterns_d_isOneWay as isOneWay, | ||
patterns_d_lookupPattern as lookupPattern, | ||
profiles_Noise_25519_ChaChaPoly_BLAKE2s as Noise_25519_ChaChaPoly_BLAKE2s, | ||
}; | ||
} | ||
declare class Poly1305 { | ||
key: Uint8Array; | ||
static readonly KEYBYTES = 32; | ||
static readonly TAGBYTES = 16; | ||
static readonly BLOCKBYTES = 16; | ||
buffer: Uint8Array; | ||
r: Uint16Array; | ||
h: Uint16Array; | ||
pad: Uint16Array; | ||
leftover: number; | ||
fin: number; | ||
static digest(key: Uint8Array, input: Uint8Array): Uint8Array; | ||
constructor(key: Uint8Array); | ||
blocks(m: Uint8Array, mpos: number, bytes: number): void; | ||
finish(mac: Uint8Array, macpos: number): void; | ||
update(m: Uint8Array, mpos: number, bytes: number): void; | ||
} | ||
type poly1305_d_Poly1305 = Poly1305; | ||
declare const poly1305_d_Poly1305: typeof Poly1305; | ||
declare namespace poly1305_d { | ||
export { | ||
poly1305_d_Poly1305 as Poly1305, | ||
}; | ||
} | ||
declare class Noise_25519_ChaChaPoly_BLAKE2s extends NoiseProtocolAlgorithms { | ||
constructor(); | ||
dhName(): string; | ||
generateKeypair(): DHKeyPair; | ||
dh(kp: DHKeyPair, pk: Uint8Array): Uint8Array; | ||
cipherName(): string; | ||
encrypt(key: DataView, nonce: Nonce, p: Uint8Array, associated_data?: Uint8Array): Uint8Array; | ||
decrypt(key: DataView, nonce: Nonce, c: Uint8Array, associated_data?: Uint8Array): Uint8Array; | ||
hashName(): string; | ||
hash(data: Uint8Array): Uint8Array; | ||
hashBlocklen(): number; | ||
} | ||
type profiles_d_Noise_25519_ChaChaPoly_BLAKE2s = Noise_25519_ChaChaPoly_BLAKE2s; | ||
declare const profiles_d_Noise_25519_ChaChaPoly_BLAKE2s: typeof Noise_25519_ChaChaPoly_BLAKE2s; | ||
declare namespace profiles_d { | ||
export { | ||
profiles_d_Noise_25519_ChaChaPoly_BLAKE2s as Noise_25519_ChaChaPoly_BLAKE2s, | ||
}; | ||
} | ||
declare const _randomBytes: (out: Uint8Array, n: number) => void; | ||
declare function randomBytes(n: number): Uint8Array; | ||
declare const random_d__randomBytes: typeof _randomBytes; | ||
declare const random_d_randomBytes: typeof randomBytes; | ||
declare namespace random_d { | ||
export { | ||
random_d__randomBytes as _randomBytes, | ||
random_d_randomBytes as randomBytes, | ||
}; | ||
} | ||
declare const crypto_scalarmult_BYTES = 32; | ||
@@ -317,19 +343,43 @@ declare const crypto_scalarmult_SCALARBYTES = 32; | ||
declare const x25519_d_crypto_scalarmult: typeof crypto_scalarmult; | ||
declare const x25519_d_crypto_scalarmult_BYTES: typeof crypto_scalarmult_BYTES; | ||
declare const x25519_d_crypto_scalarmult_SCALARBYTES: typeof crypto_scalarmult_SCALARBYTES; | ||
declare const x25519_d_crypto_scalarmult_base: typeof crypto_scalarmult_base; | ||
declare const x25519_d_scalarMult: typeof scalarMult; | ||
declare const x25519_d_scalarMultBase: typeof scalarMultBase; | ||
declare namespace x25519_d { | ||
declare const x25519_crypto_scalarmult: typeof crypto_scalarmult; | ||
declare const x25519_crypto_scalarmult_BYTES: typeof crypto_scalarmult_BYTES; | ||
declare const x25519_crypto_scalarmult_SCALARBYTES: typeof crypto_scalarmult_SCALARBYTES; | ||
declare const x25519_crypto_scalarmult_base: typeof crypto_scalarmult_base; | ||
declare const x25519_scalarMult: typeof scalarMult; | ||
declare const x25519_scalarMultBase: typeof scalarMultBase; | ||
declare namespace x25519 { | ||
export { | ||
x25519_d_crypto_scalarmult as crypto_scalarmult, | ||
x25519_d_crypto_scalarmult_BYTES as crypto_scalarmult_BYTES, | ||
x25519_d_crypto_scalarmult_SCALARBYTES as crypto_scalarmult_SCALARBYTES, | ||
x25519_d_crypto_scalarmult_base as crypto_scalarmult_base, | ||
x25519_d_scalarMult as scalarMult, | ||
x25519_d_scalarMultBase as scalarMultBase, | ||
x25519_crypto_scalarmult as crypto_scalarmult, | ||
x25519_crypto_scalarmult_BYTES as crypto_scalarmult_BYTES, | ||
x25519_crypto_scalarmult_SCALARBYTES as crypto_scalarmult_SCALARBYTES, | ||
x25519_crypto_scalarmult_base as crypto_scalarmult_base, | ||
x25519_scalarMult as scalarMult, | ||
x25519_scalarMultBase as scalarMultBase, | ||
}; | ||
} | ||
export { aead_d as AEAD, blake2_d as BLAKE2, chacha20_d as ChaCha20, noise_d as Noise, profiles_d as NoiseProfiles, patterns_d as Patterns, poly1305_d as Poly1305, random_d as Random, x25519_d as X25519 }; | ||
declare const INTERNALS: { | ||
aead: { | ||
chacha20poly1305: typeof chacha20poly1305; | ||
}; | ||
cipher: { | ||
chacha20: typeof chacha20; | ||
}; | ||
dh: { | ||
x25519: typeof x25519; | ||
}; | ||
hash: { | ||
blake2s: typeof blake2s; | ||
poly1305: typeof poly1305; | ||
}; | ||
noise: { | ||
algorithms: typeof algorithms; | ||
cipherstate: typeof cipherstate; | ||
handshake: typeof handshake; | ||
patterns: typeof patterns; | ||
profiles: typeof profiles; | ||
rekey: typeof rekey; | ||
}; | ||
}; | ||
export { AEAD, Algorithms, AuthenticationFailure, BLAKE2s, bytes_d as Bytes, ChaCha20, ChaCha20Poly1305_RFC8439, CipherState, DH, DHKeyPair, HKDF, HMAC, Handshake, HandshakeOptions, HandshakePattern, Hash, HashAlgorithm, INTERNALS, KeyMixToken, KeyTransferToken, Noise_25519_ChaChaPoly_BLAKE2s, Nonce, PATTERNS, Poly1305, PreMessage, Rekey, Role, StreamCipher, Token, TransportState, X25519, _decrypt, _encrypt, _randomBytes, isOneWay, lookupPattern, makeHKDF, makeHMAC, matchPattern, randomBytes }; |
@@ -1,1 +0,1 @@ | ||
!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports):"function"==typeof define&&define.amd?define(["exports"],e):e((t="undefined"!=typeof globalThis?globalThis:t||self).SaltyCrypto={})}(this,(function(t){"use strict";function e(t,e){return t<<e|t>>>32-e}function s(t,s,i,h,r){t[s]+=t[i],t[r]^=t[s],t[r]=e(t[r],16),t[h]+=t[r],t[i]^=t[h],t[i]=e(t[i],12),t[s]+=t[i],t[r]^=t[s],t[r]=e(t[r],8),t[h]+=t[r],t[i]^=t[h],t[i]=e(t[i],7)}function i(t,e,s,i){t[0]+=1634760805,t[1]+=857760878,t[2]+=2036477234,t[3]+=1797285236,t[4]+=e.getUint32(0,!0),t[5]+=e.getUint32(4,!0),t[6]+=e.getUint32(8,!0),t[7]+=e.getUint32(12,!0),t[8]+=e.getUint32(16,!0),t[9]+=e.getUint32(20,!0),t[10]+=e.getUint32(24,!0),t[11]+=e.getUint32(28,!0),t[12]+=s,t[13]+=i.getUint32(0,!0),t[14]+=i.getUint32(4,!0),t[15]+=i.getUint32(8,!0)}function h(t,e,h){const r=new Uint32Array(16);i(r,t,e,h);for(let t=0;t<20;t+=2)s(r,0,4,8,12),s(r,1,5,9,13),s(r,2,6,10,14),s(r,3,7,11,15),s(r,0,5,10,15),s(r,1,6,11,12),s(r,2,7,8,13),s(r,3,4,9,14);return i(r,t,e,h),r}function r(t,e,s,i,r=0,n=s.byteLength){const a=n>>6,o=63&n;for(let n=0;n<a;n++){const a=h(t,r+n,e);for(let t=0;t<64;t++)i[(n<<6)+t]=s[(n<<6)+t]^a[t>>2]>>((3&t)<<3)}if(0!==o){const n=h(t,r+a,e);for(let t=0;t<o;t++)i[(a<<6)+t]=s[(a<<6)+t]^n[t>>2]>>((3&t)<<3)}}var n=Object.freeze({__proto__:null,CHACHA20_BLOCKBYTES:64,CHACHA20_KEYBYTES:32,CHACHA20_NONCEBYTES:12,chacha20:r,chacha20_block:h,chacha20_quarter_round:s});class a{static digest(t,e){const s=new a(t);s.update(e,0,e.byteLength);const i=new Uint8Array(a.TAGBYTES);return s.finish(i,0),i}constructor(t){this.key=t,this.buffer=new Uint8Array(16),this.r=new Uint16Array(10),this.h=new Uint16Array(10),this.pad=new Uint16Array(8),this.leftover=0,this.fin=0;const e=255&t[0]|(255&t[1])<<8;this.r[0]=8191&e;const s=255&t[2]|(255&t[3])<<8;this.r[1]=8191&(e>>>13|s<<3);const i=255&t[4]|(255&t[5])<<8;this.r[2]=7939&(s>>>10|i<<6);const h=255&t[6]|(255&t[7])<<8;this.r[3]=8191&(i>>>7|h<<9);const r=255&t[8]|(255&t[9])<<8;this.r[4]=255&(h>>>4|r<<12),this.r[5]=r>>>1&8190;const n=255&t[10]|(255&t[11])<<8;this.r[6]=8191&(r>>>14|n<<2);const a=255&t[12]|(255&t[13])<<8;this.r[7]=8065&(n>>>11|a<<5);const o=255&t[14]|(255&t[15])<<8;this.r[8]=8191&(a>>>8|o<<8),this.r[9]=o>>>5&127,this.pad[0]=255&t[16]|(255&t[17])<<8,this.pad[1]=255&t[18]|(255&t[19])<<8,this.pad[2]=255&t[20]|(255&t[21])<<8,this.pad[3]=255&t[22]|(255&t[23])<<8,this.pad[4]=255&t[24]|(255&t[25])<<8,this.pad[5]=255&t[26]|(255&t[27])<<8,this.pad[6]=255&t[28]|(255&t[29])<<8,this.pad[7]=255&t[30]|(255&t[31])<<8}blocks(t,e,s){const i=this.fin?0:2048;let h=this.h[0],r=this.h[1],n=this.h[2],a=this.h[3],o=this.h[4],c=this.h[5],l=this.h[6],u=this.h[7],f=this.h[8],y=this.h[9],p=this.r[0],d=this.r[1],m=this.r[2],g=this.r[3],b=this.r[4],K=this.r[5],w=this.r[6],A=this.r[7],_=this.r[8],E=this.r[9];for(;s>=16;){const U=255&t[e+0]|(255&t[e+1])<<8;h+=8191&U;const v=255&t[e+2]|(255&t[e+3])<<8;r+=8191&(U>>>13|v<<3);const M=255&t[e+4]|(255&t[e+5])<<8;n+=8191&(v>>>10|M<<6);const S=255&t[e+6]|(255&t[e+7])<<8;a+=8191&(M>>>7|S<<9);const N=255&t[e+8]|(255&t[e+9])<<8;o+=8191&(S>>>4|N<<12),c+=N>>>1&8191;const L=255&t[e+10]|(255&t[e+11])<<8;l+=8191&(N>>>14|L<<2);const k=255&t[e+12]|(255&t[e+13])<<8;u+=8191&(L>>>11|k<<5);const x=255&t[e+14]|(255&t[e+15])<<8;f+=8191&(k>>>8|x<<8),y+=x>>>5|i;let H=0,P=H;P+=h*p,P+=r*(5*E),P+=n*(5*_),P+=a*(5*A),P+=o*(5*w),H=P>>>13,P&=8191,P+=c*(5*K),P+=l*(5*b),P+=u*(5*g),P+=f*(5*m),P+=y*(5*d),H+=P>>>13,P&=8191;let B=H;B+=h*d,B+=r*p,B+=n*(5*E),B+=a*(5*_),B+=o*(5*A),H=B>>>13,B&=8191,B+=c*(5*w),B+=l*(5*K),B+=u*(5*b),B+=f*(5*g),B+=y*(5*m),H+=B>>>13,B&=8191;let X=H;X+=h*m,X+=r*d,X+=n*p,X+=a*(5*E),X+=o*(5*_),H=X>>>13,X&=8191,X+=c*(5*A),X+=l*(5*w),X+=u*(5*K),X+=f*(5*b),X+=y*(5*g),H+=X>>>13,X&=8191;let C=H;C+=h*g,C+=r*m,C+=n*d,C+=a*p,C+=o*(5*E),H=C>>>13,C&=8191,C+=c*(5*_),C+=l*(5*A),C+=u*(5*w),C+=f*(5*K),C+=y*(5*b),H+=C>>>13,C&=8191;let T=H;T+=h*b,T+=r*g,T+=n*m,T+=a*d,T+=o*p,H=T>>>13,T&=8191,T+=c*(5*E),T+=l*(5*_),T+=u*(5*A),T+=f*(5*w),T+=y*(5*K),H+=T>>>13,T&=8191;let O=H;O+=h*K,O+=r*b,O+=n*g,O+=a*m,O+=o*d,H=O>>>13,O&=8191,O+=c*p,O+=l*(5*E),O+=u*(5*_),O+=f*(5*A),O+=y*(5*w),H+=O>>>13,O&=8191;let I=H;I+=h*w,I+=r*K,I+=n*b,I+=a*g,I+=o*m,H=I>>>13,I&=8191,I+=c*d,I+=l*p,I+=u*(5*E),I+=f*(5*_),I+=y*(5*A),H+=I>>>13,I&=8191;let Y=H;Y+=h*A,Y+=r*w,Y+=n*K,Y+=a*b,Y+=o*g,H=Y>>>13,Y&=8191,Y+=c*m,Y+=l*d,Y+=u*p,Y+=f*(5*E),Y+=y*(5*_),H+=Y>>>13,Y&=8191;let z=H;z+=h*_,z+=r*A,z+=n*w,z+=a*K,z+=o*b,H=z>>>13,z&=8191,z+=c*g,z+=l*m,z+=u*d,z+=f*p,z+=y*(5*E),H+=z>>>13,z&=8191;let j=H;j+=h*E,j+=r*_,j+=n*A,j+=a*w,j+=o*K,H=j>>>13,j&=8191,j+=c*b,j+=l*g,j+=u*m,j+=f*d,j+=y*p,H+=j>>>13,j&=8191,H=(H<<2)+H|0,H=H+P|0,P=8191&H,H>>>=13,B+=H,h=P,r=B,n=X,a=C,o=T,c=O,l=I,u=Y,f=z,y=j,e+=16,s-=16}this.h[0]=h,this.h[1]=r,this.h[2]=n,this.h[3]=a,this.h[4]=o,this.h[5]=c,this.h[6]=l,this.h[7]=u,this.h[8]=f,this.h[9]=y}finish(t,e){if(this.leftover){let t=this.leftover;for(this.buffer[t++]=1;t<16;t++)this.buffer[t]=0;this.fin=1,this.blocks(this.buffer,0,16)}let s=this.h[1]>>>13;this.h[1]&=8191;for(let t=2;t<10;t++)this.h[t]+=s,s=this.h[t]>>>13,this.h[t]&=8191;this.h[0]+=5*s,s=this.h[0]>>>13,this.h[0]&=8191,this.h[1]+=s,s=this.h[1]>>>13,this.h[1]&=8191,this.h[2]+=s;const i=new Uint16Array(10);i[0]=this.h[0]+5,s=i[0]>>>13,i[0]&=8191;for(let t=1;t<10;t++)i[t]=this.h[t]+s,s=i[t]>>>13,i[t]&=8191;i[9]-=8192;let h=(1^s)-1;for(let t=0;t<10;t++)i[t]&=h;h=~h;for(let t=0;t<10;t++)this.h[t]=this.h[t]&h|i[t];this.h[0]=65535&(this.h[0]|this.h[1]<<13),this.h[1]=65535&(this.h[1]>>>3|this.h[2]<<10),this.h[2]=65535&(this.h[2]>>>6|this.h[3]<<7),this.h[3]=65535&(this.h[3]>>>9|this.h[4]<<4),this.h[4]=65535&(this.h[4]>>>12|this.h[5]<<1|this.h[6]<<14),this.h[5]=65535&(this.h[6]>>>2|this.h[7]<<11),this.h[6]=65535&(this.h[7]>>>5|this.h[8]<<8),this.h[7]=65535&(this.h[8]>>>8|this.h[9]<<5);let r=this.h[0]+this.pad[0];this.h[0]=65535&r;for(let t=1;t<8;t++)r=(this.h[t]+this.pad[t]|0)+(r>>>16)|0,this.h[t]=65535&r;t[e+0]=this.h[0]>>>0&255,t[e+1]=this.h[0]>>>8&255,t[e+2]=this.h[1]>>>0&255,t[e+3]=this.h[1]>>>8&255,t[e+4]=this.h[2]>>>0&255,t[e+5]=this.h[2]>>>8&255,t[e+6]=this.h[3]>>>0&255,t[e+7]=this.h[3]>>>8&255,t[e+8]=this.h[4]>>>0&255,t[e+9]=this.h[4]>>>8&255,t[e+10]=this.h[5]>>>0&255,t[e+11]=this.h[5]>>>8&255,t[e+12]=this.h[6]>>>0&255,t[e+13]=this.h[6]>>>8&255,t[e+14]=this.h[7]>>>0&255,t[e+15]=this.h[7]>>>8&255}update(t,e,s){if(this.leftover){let i=16-this.leftover;i>s&&(i=s);for(let s=0;s<i;s++)this.buffer[this.leftover+s]=t[e+s];if(s-=i,e+=i,this.leftover+=i,this.leftover<16)return;this.blocks(this.buffer,0,16),this.leftover=0}if(s>=16){const i=s-s%16;this.blocks(t,e,i),e+=i,s-=i}if(s){for(let i=0;i<s;i++)this.buffer[this.leftover+i]=t[e+i];this.leftover+=s}}}a.KEYBYTES=32,a.TAGBYTES=16,a.BLOCKBYTES=16;var o=Object.freeze({__proto__:null,Poly1305:a});const c=new Uint8Array(16);function l(t,e){const s=15&e;0!==s&&t.update(c,0,16-s)}function u(t,e,s,i,h,n){const o=new Uint8Array(a.KEYBYTES);r(e,s,o,o,0);const c=new a(o);void 0!==n&&(c.update(n,0,n.byteLength),l(c,n.byteLength)),c.update(i,0,h),l(c,h);const u=new Uint8Array(16),f=new DataView(u.buffer);void 0!==n&&f.setUint32(0,n.byteLength,!0),f.setUint32(8,h,!0),c.update(u,0,u.byteLength),c.finish(t,0)}function f(t,e,s,i,h,n,a){r(h,n,t,e,1,s),u(i,h,n,e,s,a)}function y(t,e,s,i){const h=new Uint8Array(t.byteLength+16);return f(t,h,t.byteLength,h.subarray(t.byteLength),e,s,i),h}function p(t,e,s,i,h,n,a){const o=new Uint8Array(16);u(o,h,n,e,s,a);const c=0===function(t,e,s){let i=0;for(let h=0;h<s;h++)i|=t[h]^e[h];return(1&i-1>>>8)-1}(o,i,o.byteLength);return c&&r(h,n,e,t,1,s),c}class d extends Error{}function m(t,e,s,i){const h=new Uint8Array(t.byteLength-16);if(!p(h,t,h.byteLength,t.subarray(h.byteLength),e,s,i))throw new d("ChaCha20Poly1305 AEAD authentication failed");return h}var g=Object.freeze({__proto__:null,AEAD_CHACHA20_POLY1305_KEYBYTES:32,AEAD_CHACHA20_POLY1305_NONCEBYTES:12,AEAD_CHACHA20_POLY1305_TAGBYTES:16,AuthenticationFailure:d,aead_decrypt:m,aead_decrypt_detached:p,aead_encrypt:y,aead_encrypt_detached:f});function b(t,e){return t>>>e|t<<32-e}function K(t,e,s,i,h,r,n){t[e]=t[e]+t[s]+r,t[h]=b(t[h]^t[e],16),t[i]=t[i]+t[h],t[s]=b(t[s]^t[i],12),t[e]=t[e]+t[s]+n,t[h]=b(t[h]^t[e],8),t[i]=t[i]+t[h],t[s]=b(t[s]^t[i],7)}const w=Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]),A=Uint8Array.from([0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,14,10,4,8,9,15,13,6,1,12,0,2,11,7,5,3,11,8,12,0,5,2,15,13,10,14,3,6,7,1,9,4,7,9,3,1,13,12,11,14,2,6,5,10,4,0,15,8,9,0,5,7,2,4,10,15,14,1,11,12,6,8,3,13,2,12,6,10,0,11,8,3,4,13,7,5,15,14,1,9,12,5,1,15,14,13,4,10,0,7,6,3,9,2,8,11,13,11,7,14,12,1,3,9,5,0,15,4,8,6,2,10,6,15,14,9,11,3,0,8,12,2,13,7,1,4,10,5,10,2,8,4,7,6,1,5,15,11,9,14,3,12,13,0]);function _(t,e){return A[(t<<4)+e]}class E{static digest(t,e,s){const i=new E(e,s);return i.update(t),i.final()}constructor(t=E.OUTBYTES,e){var s;this.outlen=t,this.b=new Uint8Array(64),this.bv=new DataView(this.b.buffer),this.h=Uint32Array.from(w),this.t=new Uint32Array(2),this.c=0;const i=null!==(s=null==e?void 0:e.byteLength)&&void 0!==s?s:0;if(0==t||t>32||i>32)throw new Error("illegal BLAKE2s parameter length(s)");this.h[0]^=16842752^i<<8^t,void 0!==e&&i>0&&(this.update(e),this.c=64)}update(t){for(let e=0;e<t.byteLength;e++)64==this.c&&(this.t[0]+=this.c,this.t[0]<this.c&&this.t[1]++,this.compress(!1),this.c=0),this.b[this.c++]=t[e]}final(t){for(this.t[0]+=this.c,this.t[0]<this.c&&this.t[1]++;this.c<64;)this.b[this.c++]=0;this.compress(!0),void 0===t&&(t=new Uint8Array(this.outlen));for(let e=0;e<this.outlen;e++)t[e]=this.h[e>>2]>>8*(3&e)&255;return t}compress(t){const e=new Uint32Array(16),s=new Uint32Array(16);for(let t=0;t<8;t++)e[t]=this.h[t],e[t+8]=w[t];e[12]^=this.t[0],e[13]^=this.t[1],t&&(e[14]=~e[14]);for(let t=0;t<16;t++)s[t]=this.bv.getUint32(t<<2,!0);for(let t=0;t<10;t++)K(e,0,4,8,12,s[_(t,0)],s[_(t,1)]),K(e,1,5,9,13,s[_(t,2)],s[_(t,3)]),K(e,2,6,10,14,s[_(t,4)],s[_(t,5)]),K(e,3,7,11,15,s[_(t,6)],s[_(t,7)]),K(e,0,5,10,15,s[_(t,8)],s[_(t,9)]),K(e,1,6,11,12,s[_(t,10)],s[_(t,11)]),K(e,2,7,8,13,s[_(t,12)],s[_(t,13)]),K(e,3,4,9,14,s[_(t,14)],s[_(t,15)]);for(let t=0;t<8;t++)this.h[t]^=e[t]^e[t+8]}}E.KEYBYTES=32,E.OUTBYTES=32,E.BLOCKLEN=64;var U=Object.freeze({__proto__:null,BLAKE2s:E});class v{constructor(t=0,e=0){this.lo=t,this.hi=e}increment(){const t=this.lo,e=t+1|0;this.lo=e,e<t&&(this.hi=this.hi+1|0)}reset(t=0,e=0){this.lo=t,this.hi=e}static get MAX(){return new v(4294967295,4294967295)}}function M(t,e){const s=Math.min(t.byteLength,e.byteLength),i=new Uint8Array(s);for(let h=0;h<s;h++)i[h]=t[h]^e[h];return i}function S(t,e){const s=new Uint8Array(t.byteLength+e.byteLength);return s.set(t,0),s.set(e,t.byteLength),s}const N=new Uint8Array(0);class L{constructor(t){const e=this.generateKeypair();this.dhlen=this.dh(e,e.public).byteLength,this.hmac=null!=t?t:function(t){const e=new Uint8Array(t.hashBlocklen());e.fill(54);const s=new Uint8Array(t.hashBlocklen());return s.fill(92),(i,h)=>{const r=t._padOrHash(i,t.hashBlocklen());return t.hash(S(M(r,s),t.hash(S(M(r,e),h))))}}(this)}rekey(t){return new DataView(this.encrypt(t,v.MAX,new Uint8Array(32)).buffer)}_padOrHash(t,e){const s=t.byteLength>e?this.hash(t):t;return S(s,new Uint8Array(e-s.byteLength))}hkdf(t,e,s){const i=this.hmac(t,e),h=this.hmac(i,Uint8Array.from([1])),r=this.hmac(i,S(h,Uint8Array.from([2])));switch(s){case 2:return[h,r];case 3:return[h,r,this.hmac(i,S(r,Uint8Array.from([3])))]}}matchingPattern(t){const e=new RegExp(`^Noise_([A-Za-z0-9+]+)_${this.dhName()}_${this.cipherName()}_${this.hashName()}$`).exec(t);return null===e?null:e[1]}}class k{constructor(t,e){this.algorithms=t,this.view=null,this.nonce=new v,void 0!==e&&(this.view=new DataView(e.buffer))}encrypt(t,e){if(null===this.view)return t;const s=this.algorithms.encrypt(this.view,this.nonce,t,e);return this.nonce.increment(),s}decrypt(t,e){if(null===this.view)return t;const s=this.algorithms.decrypt(this.view,this.nonce,t,e);return this.nonce.increment(),s}rekey(){null!==this.view&&(this.view=this.algorithms.rekey(this.view))}}var x=Object.freeze({__proto__:null,CipherState:k,NoiseHandshake:class{constructor(t,e,s,i={}){var h,r,n,a,o;this.algorithms=t,this.pattern=e,this.role=s,this.stepIndex=0,this.staticKeypair=null!==(h=i.staticKeypair)&&void 0!==h?h:this.algorithms.generateKeypair(),this.remoteStaticPublicKey=null!==(r=i.remoteStaticPublicKey)&&void 0!==r?r:null,this.ephemeralKeypair=null!==(n=i.pregeneratedEphemeralKeypair)&&void 0!==n?n:this.algorithms.generateKeypair(),this.remoteEphemeralPublicKey=null!==(a=i.remotePregeneratedEphemeralPublicKey)&&void 0!==a?a:null,this.preSharedKeys=i.preSharedKeys,this.preSharedKeys&&(this.preSharedKeys=this.preSharedKeys.slice(),0===this.preSharedKeys.length&&(this.preSharedKeys=void 0));const c=(new TextEncoder).encode("Noise_"+this.pattern.name+"_"+this.algorithms.dhName()+"_"+this.algorithms.cipherName()+"_"+this.algorithms.hashName());this.cipherState=new k(this.algorithms),this.chainingKey=this.algorithms._padOrHash(c,this.algorithms.hash(N).byteLength),this.handshakeHash=this.chainingKey,this.mixHash(null!==(o=i.prologue)&&void 0!==o?o:N),this.pattern.initiatorPreMessage.forEach((t=>this.mixHash("e"===t?this.isInitiator?this.ephemeralKeypair.public:this.remoteEphemeralPublicKey:this.isInitiator?this.staticKeypair.public:this.remoteStaticPublicKey))),this.pattern.responderPreMessage.forEach((t=>this.mixHash("e"===t?this.isInitiator?this.remoteEphemeralPublicKey:this.ephemeralKeypair.public:this.isInitiator?this.remoteStaticPublicKey:this.staticKeypair.public)))}get isInitiator(){return"initiator"===this.role}mixHash(t){this.handshakeHash=this.algorithms.hash(S(this.handshakeHash,t))}mixKey(t){const[e,s]=this.algorithms.hkdf(this.chainingKey,t,2);this.chainingKey=e,this.cipherState=new k(this.algorithms,s)}mixKeyAndHashNextPSK(){const t=this.preSharedKeys.shift(),[e,s,i]=this.algorithms.hkdf(this.chainingKey,t,3);this.chainingKey=e,this.mixHash(s),this.cipherState=new k(this.algorithms,i)}encryptAndHash(t){const e=this.cipherState.encrypt(t,this.handshakeHash);return this.mixHash(e),e}decryptAndHash(t){const e=this.cipherState.decrypt(t,this.handshakeHash);return this.mixHash(t),e}_split(){if(this.stepIndex<this.pattern.messages.length)return null;{let[t,e]=this.algorithms.hkdf(this.chainingKey,N,2).map((t=>new k(this.algorithms,t)));return this.isInitiator?{send:t,recv:e}:{send:e,recv:t}}}_nextStep(){if(this.stepIndex>=this.pattern.messages.length)throw new Error("Handshake already complete, cannot continue");return this.pattern.messages[this.stepIndex++]}_processKeyMixToken(t){switch(t){case"ee":this.mixKey(this.algorithms.dh(this.ephemeralKeypair,this.remoteEphemeralPublicKey));break;case"es":this.mixKey(this.isInitiator?this.algorithms.dh(this.ephemeralKeypair,this.remoteStaticPublicKey):this.algorithms.dh(this.staticKeypair,this.remoteEphemeralPublicKey));break;case"se":this.mixKey(this.isInitiator?this.algorithms.dh(this.staticKeypair,this.remoteEphemeralPublicKey):this.algorithms.dh(this.ephemeralKeypair,this.remoteStaticPublicKey));break;case"ss":this.mixKey(this.algorithms.dh(this.staticKeypair,this.remoteStaticPublicKey));break;case"psk":this.mixKeyAndHashNextPSK()}}writeMessage(t){const e=[];let s;if(this._nextStep().forEach((t=>{switch(t){case"e":e.push(this.ephemeralKeypair.public),this.mixHash(this.ephemeralKeypair.public),this.preSharedKeys&&this.mixKey(this.ephemeralKeypair.public);break;case"s":e.push(this.encryptAndHash(this.staticKeypair.public));break;default:this._processKeyMixToken(t)}})),e.push(this.encryptAndHash(t)),1===e.length)s=e[0];else{s=new Uint8Array(e.reduce(((t,e)=>t+e.byteLength),0));let t=0;e.forEach((e=>{s.set(e,t),t+=e.byteLength}))}return{packet:s,finished:this._split()}}readMessage(t){const e=e=>{const s=t.slice(0,e);return t=t.subarray(e),s};this._nextStep().forEach((t=>{switch(t){case"e":this.remoteEphemeralPublicKey=e(this.algorithms.dhlen),this.mixHash(this.remoteEphemeralPublicKey),this.preSharedKeys&&this.mixKey(this.remoteEphemeralPublicKey);break;case"s":this.remoteStaticPublicKey=this.decryptAndHash(e(this.algorithms.dhlen+(this.cipherState.view?16:0)));break;default:this._processKeyMixToken(t)}}));return{message:this.decryptAndHash(t),finished:this._split()}}async completeHandshake(t,e,s=(async t=>{}),i=(async()=>new Uint8Array(0))){const h=async()=>{const{packet:e,finished:s}=this.writeMessage(await i());return await t(e),s||r()},r=async()=>{const{message:t,finished:i}=this.readMessage(await e());return await s(t),i||h()};return this.isInitiator?h():r()}},NoiseProtocolAlgorithms:L,Nonce:v,bytesAppend:S,bytesXor:M});const H={};function P(t,e,s,i){const h={name:t,baseName:t,messages:e,initiatorPreMessage:s,responderPreMessage:i};H[h.name]=h}P("I1K1",[["e","s"],["e","ee","es"],["se"]],[],["s"]),P("I1K",[["e","es","s"],["e","ee"],["se"]],[],["s"]),P("I1N",[["e","s"],["e","ee"],["se"]],[],[]),P("I1X1",[["e","s"],["e","ee","s"],["se","es"]],[],[]),P("I1X",[["e","s"],["e","ee","s","es"],["se"]],[],[]),P("IK1",[["e","s"],["e","ee","se","es"]],[],["s"]),P("IK",[["e","es","s","ss"],["e","ee","se"]],[],["s"]),P("IN",[["e","s"],["e","ee","se"]],[],[]),P("IX1",[["e","s"],["e","ee","se","s"],["es"]],[],[]),P("IX",[["e","s"],["e","ee","se","s","es"]],[],[]),P("K1K1",[["e"],["e","ee","es"],["se"]],["s"],["s"]),P("K1K",[["e","es"],["e","ee"],["se"]],["s"],["s"]),P("K1N",[["e"],["e","ee"],["se"]],["s"],[]),P("K1X1",[["e"],["e","ee","s"],["se","es"]],["s"],[]),P("K1X",[["e"],["e","ee","s","es"],["se"]],["s"],[]),P("K",[["e","es","ss"]],["s"],["s"]),P("KK1",[["e"],["e","ee","se","es"]],["s"],["s"]),P("KK",[["e","es","ss"],["e","ee","se"]],["s"],["s"]),P("KN",[["e"],["e","ee","se"]],["s"],[]),P("KX1",[["e"],["e","ee","se","s"],["es"]],["s"],[]),P("KX",[["e"],["e","ee","se","s","es"]],["s"],[]),P("N",[["e","es"]],[],["s"]),P("NK1",[["e"],["e","ee","es"]],[],["s"]),P("NK",[["e","es"],["e","ee"]],[],["s"]),P("NN",[["e"],["e","ee"]],[],[]),P("NX1",[["e"],["e","ee","s"],["es"]],[],[]),P("NX",[["e"],["e","ee","s","es"]],[],[]),P("X1K1",[["e"],["e","ee","es"],["s"],["se"]],[],["s"]),P("X1K",[["e","es"],["e","ee"],["s"],["se"]],[],["s"]),P("X1N",[["e"],["e","ee"],["s"],["se"]],[],[]),P("X1X1",[["e"],["e","ee","s"],["es","s"],["se"]],[],[]),P("X1X",[["e"],["e","ee","s","es"],["s"],["se"]],[],[]),P("X",[["e","es","s","ss"]],[],["s"]),P("XK1",[["e"],["e","ee","es"],["s","se"]],[],["s"]),P("XK",[["e","es"],["e","ee"],["s","se"]],[],["s"]),P("XN",[["e"],["e","ee"],["s","se"]],[],[]),P("XX1",[["e"],["e","ee","s"],["es","s","se"]],[],[]),P("XX",[["e"],["e","ee","s","es"],["s","se"]],[],[]);const B=/^([NKX]|[NKXI]1?[NKX]1?)([a-z][a-z0-9]*(\+[a-z][a-z0-9]*)*)?$/,X=/^psk([0-9]+)$/;var C=Object.freeze({__proto__:null,PATTERNS:H,isOneWay:function(t){return 1===t.baseName.length},lookupPattern:function(t){var e,s,i;const h=B.exec(t);if(null===h)return null;const r=null!==(s=null===(e=h[2])||void 0===e?void 0:e.split("+"))&&void 0!==s?s:[];let n=null!==(i=H[h[1]])&&void 0!==i?i:null;return n?(r.forEach((t=>n=n&&function(t,e){const s=X.exec(e);if(null===s)return null;const i=parseInt(s[1],10),h=t.messages;return Object.assign(Object.assign({},t),{messages:0===i?[["psk",...h[0]],...h.slice(1)]:[...h.slice(0,i-1),[...h[i-1],"psk"],...h.slice(i)]})}(n,t))),n&&Object.assign(Object.assign({},n),{name:t})):null}});const T=(()=>{var t="undefined"!=typeof self?self.crypto||self.msCrypto:null;if(t&&t.getRandomValues){const e=65536;return(s,i)=>{for(let h=0;h<i;h+=e)t.getRandomValues(s.subarray(h,h+Math.min(i-h,e)))}}if("undefined"!=typeof require&&(t=require("crypto"))&&t.randomBytes)return(e,s)=>e.set(t.randomBytes(s));throw new Error("No usable randomness source found")})();function O(t){const e=new Uint8Array(t);return T(e,t),e}var I=Object.freeze({__proto__:null,_randomBytes:T,randomBytes:O});function Y(){return new Float64Array(16)}const z=new Uint8Array(32);z[0]=9;const j=Y();function D(t){let e=1;for(let s=0;s<16;s++){const i=t[s]+e+65535;e=Math.floor(i/65536),t[s]=i-65536*e}t[0]+=e-1+37*(e-1)}function V(t,e,s){const i=~(s-1);for(let s=0;s<16;s++){const h=i&(t[s]^e[s]);t[s]^=h,e[s]^=h}}function R(t,e,s){for(let i=0;i<16;i++)t[i]=e[i]+s[i]}function $(t,e,s){for(let i=0;i<16;i++)t[i]=e[i]-s[i]}function q(t,e,s){let i=0,h=0,r=0,n=0,a=0,o=0,c=0,l=0,u=0,f=0,y=0,p=0,d=0,m=0,g=0,b=0,K=0,w=0,A=0,_=0,E=0,U=0,v=0,M=0,S=0,N=0,L=0,k=0,x=0,H=0,P=0;const B=s[0],X=s[1],C=s[2],T=s[3],O=s[4],I=s[5],Y=s[6],z=s[7],j=s[8],D=s[9],V=s[10],R=s[11],$=s[12],q=s[13],F=s[14],G=s[15];let W=e[0];i+=W*B,h+=W*X,r+=W*C,n+=W*T,a+=W*O,o+=W*I,c+=W*Y,l+=W*z,u+=W*j,f+=W*D,y+=W*V,p+=W*R,d+=W*$,m+=W*q,g+=W*F,b+=W*G,W=e[1],h+=W*B,r+=W*X,n+=W*C,a+=W*T,o+=W*O,c+=W*I,l+=W*Y,u+=W*z,f+=W*j,y+=W*D,p+=W*V,d+=W*R,m+=W*$,g+=W*q,b+=W*F,K+=W*G,W=e[2],r+=W*B,n+=W*X,a+=W*C,o+=W*T,c+=W*O,l+=W*I,u+=W*Y,f+=W*z,y+=W*j,p+=W*D,d+=W*V,m+=W*R,g+=W*$,b+=W*q,K+=W*F,w+=W*G,W=e[3],n+=W*B,a+=W*X,o+=W*C,c+=W*T,l+=W*O,u+=W*I,f+=W*Y,y+=W*z,p+=W*j,d+=W*D,m+=W*V,g+=W*R,b+=W*$,K+=W*q,w+=W*F,A+=W*G,W=e[4],a+=W*B,o+=W*X,c+=W*C,l+=W*T,u+=W*O,f+=W*I,y+=W*Y,p+=W*z,d+=W*j,m+=W*D,g+=W*V,b+=W*R,K+=W*$,w+=W*q,A+=W*F,_+=W*G,W=e[5],o+=W*B,c+=W*X,l+=W*C,u+=W*T,f+=W*O,y+=W*I,p+=W*Y,d+=W*z,m+=W*j,g+=W*D,b+=W*V,K+=W*R,w+=W*$,A+=W*q,_+=W*F,E+=W*G,W=e[6],c+=W*B,l+=W*X,u+=W*C,f+=W*T,y+=W*O,p+=W*I,d+=W*Y,m+=W*z,g+=W*j,b+=W*D,K+=W*V,w+=W*R,A+=W*$,_+=W*q,E+=W*F,U+=W*G,W=e[7],l+=W*B,u+=W*X,f+=W*C,y+=W*T,p+=W*O,d+=W*I,m+=W*Y,g+=W*z,b+=W*j,K+=W*D,w+=W*V,A+=W*R,_+=W*$,E+=W*q,U+=W*F,v+=W*G,W=e[8],u+=W*B,f+=W*X,y+=W*C,p+=W*T,d+=W*O,m+=W*I,g+=W*Y,b+=W*z,K+=W*j,w+=W*D,A+=W*V,_+=W*R,E+=W*$,U+=W*q,v+=W*F,M+=W*G,W=e[9],f+=W*B,y+=W*X,p+=W*C,d+=W*T,m+=W*O,g+=W*I,b+=W*Y,K+=W*z,w+=W*j,A+=W*D,_+=W*V,E+=W*R,U+=W*$,v+=W*q,M+=W*F,S+=W*G,W=e[10],y+=W*B,p+=W*X,d+=W*C,m+=W*T,g+=W*O,b+=W*I,K+=W*Y,w+=W*z,A+=W*j,_+=W*D,E+=W*V,U+=W*R,v+=W*$,M+=W*q,S+=W*F,N+=W*G,W=e[11],p+=W*B,d+=W*X,m+=W*C,g+=W*T,b+=W*O,K+=W*I,w+=W*Y,A+=W*z,_+=W*j,E+=W*D,U+=W*V,v+=W*R,M+=W*$,S+=W*q,N+=W*F,L+=W*G,W=e[12],d+=W*B,m+=W*X,g+=W*C,b+=W*T,K+=W*O,w+=W*I,A+=W*Y,_+=W*z,E+=W*j,U+=W*D,v+=W*V,M+=W*R,S+=W*$,N+=W*q,L+=W*F,k+=W*G,W=e[13],m+=W*B,g+=W*X,b+=W*C,K+=W*T,w+=W*O,A+=W*I,_+=W*Y,E+=W*z,U+=W*j,v+=W*D,M+=W*V,S+=W*R,N+=W*$,L+=W*q,k+=W*F,x+=W*G,W=e[14],g+=W*B,b+=W*X,K+=W*C,w+=W*T,A+=W*O,_+=W*I,E+=W*Y,U+=W*z,v+=W*j,M+=W*D,S+=W*V,N+=W*R,L+=W*$,k+=W*q,x+=W*F,H+=W*G,W=e[15],b+=W*B,K+=W*X,w+=W*C,A+=W*T,_+=W*O,E+=W*I,U+=W*Y,v+=W*z,M+=W*j,S+=W*D,N+=W*V,L+=W*R,k+=W*$,x+=W*q,H+=W*F,P+=W*G,i+=38*K,h+=38*w,r+=38*A,n+=38*_,a+=38*E,o+=38*U,c+=38*v,l+=38*M,u+=38*S,f+=38*N,y+=38*L,p+=38*k,d+=38*x,m+=38*H,g+=38*P;let Z=1;W=i+Z+65535,Z=Math.floor(W/65536),i=W-65536*Z,W=h+Z+65535,Z=Math.floor(W/65536),h=W-65536*Z,W=r+Z+65535,Z=Math.floor(W/65536),r=W-65536*Z,W=n+Z+65535,Z=Math.floor(W/65536),n=W-65536*Z,W=a+Z+65535,Z=Math.floor(W/65536),a=W-65536*Z,W=o+Z+65535,Z=Math.floor(W/65536),o=W-65536*Z,W=c+Z+65535,Z=Math.floor(W/65536),c=W-65536*Z,W=l+Z+65535,Z=Math.floor(W/65536),l=W-65536*Z,W=u+Z+65535,Z=Math.floor(W/65536),u=W-65536*Z,W=f+Z+65535,Z=Math.floor(W/65536),f=W-65536*Z,W=y+Z+65535,Z=Math.floor(W/65536),y=W-65536*Z,W=p+Z+65535,Z=Math.floor(W/65536),p=W-65536*Z,W=d+Z+65535,Z=Math.floor(W/65536),d=W-65536*Z,W=m+Z+65535,Z=Math.floor(W/65536),m=W-65536*Z,W=g+Z+65535,Z=Math.floor(W/65536),g=W-65536*Z,W=b+Z+65535,Z=Math.floor(W/65536),b=W-65536*Z,i+=Z-1+37*(Z-1),Z=1,W=i+Z+65535,Z=Math.floor(W/65536),i=W-65536*Z,W=h+Z+65535,Z=Math.floor(W/65536),h=W-65536*Z,W=r+Z+65535,Z=Math.floor(W/65536),r=W-65536*Z,W=n+Z+65535,Z=Math.floor(W/65536),n=W-65536*Z,W=a+Z+65535,Z=Math.floor(W/65536),a=W-65536*Z,W=o+Z+65535,Z=Math.floor(W/65536),o=W-65536*Z,W=c+Z+65535,Z=Math.floor(W/65536),c=W-65536*Z,W=l+Z+65535,Z=Math.floor(W/65536),l=W-65536*Z,W=u+Z+65535,Z=Math.floor(W/65536),u=W-65536*Z,W=f+Z+65535,Z=Math.floor(W/65536),f=W-65536*Z,W=y+Z+65535,Z=Math.floor(W/65536),y=W-65536*Z,W=p+Z+65535,Z=Math.floor(W/65536),p=W-65536*Z,W=d+Z+65535,Z=Math.floor(W/65536),d=W-65536*Z,W=m+Z+65535,Z=Math.floor(W/65536),m=W-65536*Z,W=g+Z+65535,Z=Math.floor(W/65536),g=W-65536*Z,W=b+Z+65535,Z=Math.floor(W/65536),b=W-65536*Z,i+=Z-1+37*(Z-1),t[0]=i,t[1]=h,t[2]=r,t[3]=n,t[4]=a,t[5]=o,t[6]=c,t[7]=l,t[8]=u,t[9]=f,t[10]=y,t[11]=p,t[12]=d,t[13]=m,t[14]=g,t[15]=b}function F(t,e){q(t,e,e)}function G(t,e,s){const i=new Uint8Array(32),h=new Float64Array(80),r=Y(),n=Y(),a=Y(),o=Y(),c=Y(),l=Y();for(let t=0;t<31;t++)i[t]=e[t];i[31]=127&e[31]|64,i[0]&=248,function(t,e){for(let s=0;s<16;s++)t[s]=e[2*s]+(e[2*s+1]<<8);t[15]&=32767}(h,s);for(let t=0;t<16;t++)n[t]=h[t],o[t]=r[t]=a[t]=0;r[0]=o[0]=1;for(let t=254;t>=0;--t){const e=i[t>>>3]>>>(7&t)&1;V(r,n,e),V(a,o,e),R(c,r,a),$(r,r,a),R(a,n,o),$(n,n,o),F(o,c),F(l,r),q(r,a,r),q(a,n,c),R(c,r,a),$(r,r,a),F(n,r),$(a,o,l),q(r,a,j),R(r,r,o),q(a,a,r),q(r,o,l),q(o,n,h),F(n,c),V(r,n,e),V(a,o,e)}for(let t=0;t<16;t++)h[t+16]=r[t],h[t+32]=a[t],h[t+48]=n[t],h[t+64]=o[t];const u=h.subarray(32),f=h.subarray(16);!function(t,e){const s=Y();for(let t=0;t<16;t++)s[t]=e[t];for(let t=253;t>=0;t--)F(s,s),2!==t&&4!==t&&q(s,s,e);for(let e=0;e<16;e++)t[e]=s[e]}(u,u),q(f,f,u),function(t,e){const s=Y(),i=Y();for(let t=0;t<16;t++)i[t]=e[t];D(i),D(i),D(i);for(let t=0;t<2;t++){s[0]=i[0]-65517;for(let t=1;t<15;t++)s[t]=i[t]-65535-(s[t-1]>>16&1),s[t-1]&=65535;s[15]=i[15]-32767-(s[14]>>16&1);const t=s[15]>>16&1;s[14]&=65535,V(i,s,1-t)}for(let e=0;e<16;e++)t[2*e]=255&i[e],t[2*e+1]=i[e]>>8}(t,f)}function W(t,e){G(t,e,z)}function Z(t,e){if(32!==t.length)throw new Error("bad n size");if(32!==e.length)throw new Error("bad p size");const s=new Uint8Array(32);return G(s,t,e),s}function J(t){if(32!==t.length)throw new Error("bad n size");const e=new Uint8Array(32);return W(e,t),e}j[0]=56129,j[1]=1,Z.scalarLength=32,Z.groupElementLength=32;var Q=Object.freeze({__proto__:null,crypto_scalarmult:G,crypto_scalarmult_BYTES:32,crypto_scalarmult_SCALARBYTES:32,crypto_scalarmult_base:W,scalarMult:Z,scalarMultBase:J});function tt(t){const e=new DataView(new ArrayBuffer(12));return e.setUint32(4,t.lo,!0),e.setUint32(8,t.hi,!0),e}var et=Object.freeze({__proto__:null,Noise_25519_ChaChaPoly_BLAKE2s:class extends L{constructor(){super()}dhName(){return"25519"}generateKeypair(){const t=O(Z.scalarLength);return{public:J(t),secret:t}}dh(t,e){return Z(t.secret,e)}cipherName(){return"ChaChaPoly"}encrypt(t,e,s,i){return y(s,t,tt(e),i)}decrypt(t,e,s,i){return m(s,t,tt(e),i)}hashName(){return"BLAKE2s"}hash(t){return E.digest(t)}hashBlocklen(){return E.BLOCKLEN}}});t.AEAD=g,t.BLAKE2=U,t.ChaCha20=n,t.Noise=x,t.NoiseProfiles=et,t.Patterns=C,t.Poly1305=o,t.Random=I,t.X25519=Q})); | ||
!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports):"function"==typeof define&&define.amd?define(["exports"],e):e((t="undefined"!=typeof globalThis?globalThis:t||self).SaltyCrypto={})}(this,(function(t){"use strict";function e(t,e){return t<<e|t>>>32-e}function s(t,s,i,h,r){t[s]+=t[i],t[r]^=t[s],t[r]=e(t[r],16),t[h]+=t[r],t[i]^=t[h],t[i]=e(t[i],12),t[s]+=t[i],t[r]^=t[s],t[r]=e(t[r],8),t[h]+=t[r],t[i]^=t[h],t[i]=e(t[i],7)}function i(t,e,s,i){t[0]+=1634760805,t[1]+=857760878,t[2]+=2036477234,t[3]+=1797285236,t[4]+=e.getUint32(0,!0),t[5]+=e.getUint32(4,!0),t[6]+=e.getUint32(8,!0),t[7]+=e.getUint32(12,!0),t[8]+=e.getUint32(16,!0),t[9]+=e.getUint32(20,!0),t[10]+=e.getUint32(24,!0),t[11]+=e.getUint32(28,!0),t[12]+=s,t[13]+=i.getUint32(0,!0),t[14]+=i.getUint32(4,!0),t[15]+=i.getUint32(8,!0)}function h(t,e,h){const r=new Uint32Array(16);i(r,t,e,h);for(let t=0;t<20;t+=2)s(r,0,4,8,12),s(r,1,5,9,13),s(r,2,6,10,14),s(r,3,7,11,15),s(r,0,5,10,15),s(r,1,6,11,12),s(r,2,7,8,13),s(r,3,4,9,14);return i(r,t,e,h),r}const r={NAME:"chacha20",KEYBYTES:32,NONCEBYTES:12,BLOCKBYTES:64,stream_xor(t,e,s,i,n=0,a=s.byteLength){const o=function(t){const e=new DataView(new ArrayBuffer(r.NONCEBYTES));return e.setUint32(0,t.extra,!0),e.setUint32(4,t.lo,!0),e.setUint32(8,t.hi,!0),e}(e),l=a>>6,c=63&a;for(let e=0;e<l;e++){const r=h(t,n+e,o);for(let t=0;t<64;t++)i[(e<<6)+t]=s[(e<<6)+t]^r[t>>2]>>((3&t)<<3)}if(0!==c){const e=h(t,n+l,o);for(let t=0;t<c;t++)i[(l<<6)+t]=s[(l<<6)+t]^e[t>>2]>>((3&t)<<3)}}};var n,a=Object.freeze({__proto__:null,ChaCha20:r,chacha20_block:h,chacha20_quarter_round:s});const o=(n=class t{static digest(e,s,i){const h=new t(s,i);return h.update(e),h.final()}constructor(e,s){if(this.buffer=new Uint8Array(16),this.r=new Uint16Array(10),this.h=new Uint16Array(10),this.pad=new Uint16Array(8),this.leftover=0,this.fin=0,!e)throw new Error("Poly1305: key required");if((null!=s?s:t.OUTBYTES)!==t.OUTBYTES)throw new Error("Poly1305: outlen != OUTBYTES");const i=255&e[0]|(255&e[1])<<8;this.r[0]=8191&i;const h=255&e[2]|(255&e[3])<<8;this.r[1]=8191&(i>>>13|h<<3);const r=255&e[4]|(255&e[5])<<8;this.r[2]=7939&(h>>>10|r<<6);const n=255&e[6]|(255&e[7])<<8;this.r[3]=8191&(r>>>7|n<<9);const a=255&e[8]|(255&e[9])<<8;this.r[4]=255&(n>>>4|a<<12),this.r[5]=a>>>1&8190;const o=255&e[10]|(255&e[11])<<8;this.r[6]=8191&(a>>>14|o<<2);const l=255&e[12]|(255&e[13])<<8;this.r[7]=8065&(o>>>11|l<<5);const c=255&e[14]|(255&e[15])<<8;this.r[8]=8191&(l>>>8|c<<8),this.r[9]=c>>>5&127,this.pad[0]=255&e[16]|(255&e[17])<<8,this.pad[1]=255&e[18]|(255&e[19])<<8,this.pad[2]=255&e[20]|(255&e[21])<<8,this.pad[3]=255&e[22]|(255&e[23])<<8,this.pad[4]=255&e[24]|(255&e[25])<<8,this.pad[5]=255&e[26]|(255&e[27])<<8,this.pad[6]=255&e[28]|(255&e[29])<<8,this.pad[7]=255&e[30]|(255&e[31])<<8}blocks(t,e,s){const i=this.fin?0:2048;let h=this.h[0],r=this.h[1],n=this.h[2],a=this.h[3],o=this.h[4],l=this.h[5],c=this.h[6],u=this.h[7],f=this.h[8],y=this.h[9],p=this.r[0],d=this.r[1],m=this.r[2],g=this.r[3],K=this.r[4],b=this.r[5],w=this.r[6],E=this.r[7],_=this.r[8],A=this.r[9];for(;s>=16;){const M=255&t[e+0]|(255&t[e+1])<<8;h+=8191&M;const U=255&t[e+2]|(255&t[e+3])<<8;r+=8191&(M>>>13|U<<3);const v=255&t[e+4]|(255&t[e+5])<<8;n+=8191&(U>>>10|v<<6);const S=255&t[e+6]|(255&t[e+7])<<8;a+=8191&(v>>>7|S<<9);const N=255&t[e+8]|(255&t[e+9])<<8;o+=8191&(S>>>4|N<<12),l+=N>>>1&8191;const L=255&t[e+10]|(255&t[e+11])<<8;c+=8191&(N>>>14|L<<2);const k=255&t[e+12]|(255&t[e+13])<<8;u+=8191&(L>>>11|k<<5);const x=255&t[e+14]|(255&t[e+15])<<8;f+=8191&(k>>>8|x<<8),y+=x>>>5|i;let T=0,B=T;B+=h*p,B+=r*(5*A),B+=n*(5*_),B+=a*(5*E),B+=o*(5*w),T=B>>>13,B&=8191,B+=l*(5*b),B+=c*(5*K),B+=u*(5*g),B+=f*(5*m),B+=y*(5*d),T+=B>>>13,B&=8191;let P=T;P+=h*d,P+=r*p,P+=n*(5*A),P+=a*(5*_),P+=o*(5*E),T=P>>>13,P&=8191,P+=l*(5*w),P+=c*(5*b),P+=u*(5*K),P+=f*(5*g),P+=y*(5*m),T+=P>>>13,P&=8191;let O=T;O+=h*m,O+=r*d,O+=n*p,O+=a*(5*A),O+=o*(5*_),T=O>>>13,O&=8191,O+=l*(5*E),O+=c*(5*w),O+=u*(5*b),O+=f*(5*K),O+=y*(5*g),T+=O>>>13,O&=8191;let C=T;C+=h*g,C+=r*m,C+=n*d,C+=a*p,C+=o*(5*A),T=C>>>13,C&=8191,C+=l*(5*_),C+=c*(5*E),C+=u*(5*w),C+=f*(5*b),C+=y*(5*K),T+=C>>>13,C&=8191;let H=T;H+=h*K,H+=r*g,H+=n*m,H+=a*d,H+=o*p,T=H>>>13,H&=8191,H+=l*(5*A),H+=c*(5*_),H+=u*(5*E),H+=f*(5*w),H+=y*(5*b),T+=H>>>13,H&=8191;let X=T;X+=h*b,X+=r*K,X+=n*g,X+=a*m,X+=o*d,T=X>>>13,X&=8191,X+=l*p,X+=c*(5*A),X+=u*(5*_),X+=f*(5*E),X+=y*(5*w),T+=X>>>13,X&=8191;let Y=T;Y+=h*w,Y+=r*b,Y+=n*K,Y+=a*g,Y+=o*m,T=Y>>>13,Y&=8191,Y+=l*d,Y+=c*p,Y+=u*(5*A),Y+=f*(5*_),Y+=y*(5*E),T+=Y>>>13,Y&=8191;let I=T;I+=h*E,I+=r*w,I+=n*b,I+=a*K,I+=o*g,T=I>>>13,I&=8191,I+=l*m,I+=c*d,I+=u*p,I+=f*(5*A),I+=y*(5*_),T+=I>>>13,I&=8191;let z=T;z+=h*_,z+=r*E,z+=n*w,z+=a*b,z+=o*K,T=z>>>13,z&=8191,z+=l*g,z+=c*m,z+=u*d,z+=f*p,z+=y*(5*A),T+=z>>>13,z&=8191;let j=T;j+=h*A,j+=r*_,j+=n*E,j+=a*w,j+=o*b,T=j>>>13,j&=8191,j+=l*K,j+=c*g,j+=u*m,j+=f*d,j+=y*p,T+=j>>>13,j&=8191,T=(T<<2)+T|0,T=T+B|0,B=8191&T,T>>>=13,P+=T,h=B,r=P,n=O,a=C,o=H,l=X,c=Y,u=I,f=z,y=j,e+=16,s-=16}this.h[0]=h,this.h[1]=r,this.h[2]=n,this.h[3]=a,this.h[4]=o,this.h[5]=l,this.h[6]=c,this.h[7]=u,this.h[8]=f,this.h[9]=y}final(e){if(e||(e=new Uint8Array(t.OUTBYTES)),this.leftover){let t=this.leftover;for(this.buffer[t++]=1;t<16;t++)this.buffer[t]=0;this.fin=1,this.blocks(this.buffer,0,16)}let s=this.h[1]>>>13;this.h[1]&=8191;for(let t=2;t<10;t++)this.h[t]+=s,s=this.h[t]>>>13,this.h[t]&=8191;this.h[0]+=5*s,s=this.h[0]>>>13,this.h[0]&=8191,this.h[1]+=s,s=this.h[1]>>>13,this.h[1]&=8191,this.h[2]+=s;const i=new Uint16Array(10);i[0]=this.h[0]+5,s=i[0]>>>13,i[0]&=8191;for(let t=1;t<10;t++)i[t]=this.h[t]+s,s=i[t]>>>13,i[t]&=8191;i[9]-=8192;let h=(1^s)-1;for(let t=0;t<10;t++)i[t]&=h;h=~h;for(let t=0;t<10;t++)this.h[t]=this.h[t]&h|i[t];this.h[0]=65535&(this.h[0]|this.h[1]<<13),this.h[1]=65535&(this.h[1]>>>3|this.h[2]<<10),this.h[2]=65535&(this.h[2]>>>6|this.h[3]<<7),this.h[3]=65535&(this.h[3]>>>9|this.h[4]<<4),this.h[4]=65535&(this.h[4]>>>12|this.h[5]<<1|this.h[6]<<14),this.h[5]=65535&(this.h[6]>>>2|this.h[7]<<11),this.h[6]=65535&(this.h[7]>>>5|this.h[8]<<8),this.h[7]=65535&(this.h[8]>>>8|this.h[9]<<5);let r=this.h[0]+this.pad[0];this.h[0]=65535&r;for(let t=1;t<8;t++)r=(this.h[t]+this.pad[t]|0)+(r>>>16)|0,this.h[t]=65535&r;return e[0]=this.h[0]>>>0&255,e[1]=this.h[0]>>>8&255,e[2]=this.h[1]>>>0&255,e[3]=this.h[1]>>>8&255,e[4]=this.h[2]>>>0&255,e[5]=this.h[2]>>>8&255,e[6]=this.h[3]>>>0&255,e[7]=this.h[3]>>>8&255,e[8]=this.h[4]>>>0&255,e[9]=this.h[4]>>>8&255,e[10]=this.h[5]>>>0&255,e[11]=this.h[5]>>>8&255,e[12]=this.h[6]>>>0&255,e[13]=this.h[6]>>>8&255,e[14]=this.h[7]>>>0&255,e[15]=this.h[7]>>>8&255,e}update(t,e=0,s=t.byteLength){if(this.leftover){let i=16-this.leftover;i>s&&(i=s);for(let s=0;s<i;s++)this.buffer[this.leftover+s]=t[e+s];if(s-=i,e+=i,this.leftover+=i,this.leftover<16)return;this.blocks(this.buffer,0,16),this.leftover=0}if(s>=16){const i=s-s%16;this.blocks(t,e,i),e+=i,s-=i}if(s){for(let i=0;i<s;i++)this.buffer[this.leftover+i]=t[e+i];this.leftover+=s}}},n.NAME="Poly1305",n.KEYBYTES=32,n.OUTBYTES=16,n.BLOCKLEN=16,n);var l=Object.freeze({__proto__:null,Poly1305:o});function c(t,e,s){return 0===function(t,e,s){let i=0;for(let h=0;h<s;h++)i|=t[h]^e[h];return(1&i-1>>>8)-1}(t,e,s)}function u(t,e){const s=Math.min(t.byteLength,e.byteLength),i=new Uint8Array(s);for(let h=0;h<s;h++)i[h]=t[h]^e[h];return i}function f(t,e){const s=new Uint8Array(t.byteLength+e.byteLength);return s.set(t,0),s.set(e,t.byteLength),s}const y=new Uint8Array(0);var p=Object.freeze({__proto__:null,EMPTY:y,append:f,equal:c,xor:u});const d=new Uint8Array(16);function m(t,e){const s=15&e;0!==s&&t.update(d,0,16-s)}function g(t,e,s,i,h,n){const a=new Uint8Array(o.KEYBYTES);r.stream_xor(e,s,a,a,0);const l=new o(a);void 0!==n&&(l.update(n,0,n.byteLength),m(l,n.byteLength)),l.update(i,0,h),m(l,h);const c=new Uint8Array(16),u=new DataView(c.buffer);void 0!==n&&u.setUint32(0,n.byteLength,!0),u.setUint32(8,h,!0),l.update(c,0,c.byteLength),l.final(t)}const K={NAME:"ChaChaPoly",KEYBYTES:32,NONCEBYTES:12,TAGBYTES:16,encrypt_detached(t,e,s,i,h,n,a){r.stream_xor(h,n,t,e,1,s),g(i,h,n,e,s,a)},encrypt:E,decrypt_detached(t,e,s,i,h,n,a){const o=new Uint8Array(this.TAGBYTES);g(o,h,n,e,s,a);const l=c(o,i,o.byteLength);return l&&r.stream_xor(h,n,e,t,1,s),l},decrypt:_};var b=Object.freeze({__proto__:null,ChaCha20Poly1305_RFC8439:K});class w extends Error{}function E(t,e,s,i){const h=new Uint8Array(t.byteLength+this.TAGBYTES);return this.encrypt_detached(t,h,t.byteLength,h.subarray(t.byteLength),e,s,i),h}function _(t,e,s,i){const h=new Uint8Array(t.byteLength-this.TAGBYTES);if(!this.decrypt_detached(h,t,h.byteLength,t.subarray(h.byteLength),e,s,i))throw new w("AEAD authentication failed");return h}const A=(()=>{var t="undefined"!=typeof self?self.crypto||self.msCrypto:null;if(t&&t.getRandomValues){const e=65536;return(s,i)=>{for(let h=0;h<i;h+=e)t.getRandomValues(s.subarray(h,h+Math.min(i-h,e)))}}if("undefined"!=typeof require&&(t=require("crypto"))&&t.randomBytes)return(e,s)=>e.set(t.randomBytes(s));throw new Error("No usable randomness source found")})();function M(t){const e=new Uint8Array(t);return A(e,t),e}function U(){return new Float64Array(16)}const v=new Uint8Array(32);v[0]=9;const S=U();function N(t){let e=1;for(let s=0;s<16;s++){const i=t[s]+e+65535;e=Math.floor(i/65536),t[s]=i-65536*e}t[0]+=e-1+37*(e-1)}function L(t,e,s){const i=~(s-1);for(let s=0;s<16;s++){const h=i&(t[s]^e[s]);t[s]^=h,e[s]^=h}}function k(t,e,s){for(let i=0;i<16;i++)t[i]=e[i]+s[i]}function x(t,e,s){for(let i=0;i<16;i++)t[i]=e[i]-s[i]}function T(t,e,s){let i=0,h=0,r=0,n=0,a=0,o=0,l=0,c=0,u=0,f=0,y=0,p=0,d=0,m=0,g=0,K=0,b=0,w=0,E=0,_=0,A=0,M=0,U=0,v=0,S=0,N=0,L=0,k=0,x=0,T=0,B=0;const P=s[0],O=s[1],C=s[2],H=s[3],X=s[4],Y=s[5],I=s[6],z=s[7],j=s[8],D=s[9],R=s[10],V=s[11],F=s[12],$=s[13],q=s[14],G=s[15];let W=e[0];i+=W*P,h+=W*O,r+=W*C,n+=W*H,a+=W*X,o+=W*Y,l+=W*I,c+=W*z,u+=W*j,f+=W*D,y+=W*R,p+=W*V,d+=W*F,m+=W*$,g+=W*q,K+=W*G,W=e[1],h+=W*P,r+=W*O,n+=W*C,a+=W*H,o+=W*X,l+=W*Y,c+=W*I,u+=W*z,f+=W*j,y+=W*D,p+=W*R,d+=W*V,m+=W*F,g+=W*$,K+=W*q,b+=W*G,W=e[2],r+=W*P,n+=W*O,a+=W*C,o+=W*H,l+=W*X,c+=W*Y,u+=W*I,f+=W*z,y+=W*j,p+=W*D,d+=W*R,m+=W*V,g+=W*F,K+=W*$,b+=W*q,w+=W*G,W=e[3],n+=W*P,a+=W*O,o+=W*C,l+=W*H,c+=W*X,u+=W*Y,f+=W*I,y+=W*z,p+=W*j,d+=W*D,m+=W*R,g+=W*V,K+=W*F,b+=W*$,w+=W*q,E+=W*G,W=e[4],a+=W*P,o+=W*O,l+=W*C,c+=W*H,u+=W*X,f+=W*Y,y+=W*I,p+=W*z,d+=W*j,m+=W*D,g+=W*R,K+=W*V,b+=W*F,w+=W*$,E+=W*q,_+=W*G,W=e[5],o+=W*P,l+=W*O,c+=W*C,u+=W*H,f+=W*X,y+=W*Y,p+=W*I,d+=W*z,m+=W*j,g+=W*D,K+=W*R,b+=W*V,w+=W*F,E+=W*$,_+=W*q,A+=W*G,W=e[6],l+=W*P,c+=W*O,u+=W*C,f+=W*H,y+=W*X,p+=W*Y,d+=W*I,m+=W*z,g+=W*j,K+=W*D,b+=W*R,w+=W*V,E+=W*F,_+=W*$,A+=W*q,M+=W*G,W=e[7],c+=W*P,u+=W*O,f+=W*C,y+=W*H,p+=W*X,d+=W*Y,m+=W*I,g+=W*z,K+=W*j,b+=W*D,w+=W*R,E+=W*V,_+=W*F,A+=W*$,M+=W*q,U+=W*G,W=e[8],u+=W*P,f+=W*O,y+=W*C,p+=W*H,d+=W*X,m+=W*Y,g+=W*I,K+=W*z,b+=W*j,w+=W*D,E+=W*R,_+=W*V,A+=W*F,M+=W*$,U+=W*q,v+=W*G,W=e[9],f+=W*P,y+=W*O,p+=W*C,d+=W*H,m+=W*X,g+=W*Y,K+=W*I,b+=W*z,w+=W*j,E+=W*D,_+=W*R,A+=W*V,M+=W*F,U+=W*$,v+=W*q,S+=W*G,W=e[10],y+=W*P,p+=W*O,d+=W*C,m+=W*H,g+=W*X,K+=W*Y,b+=W*I,w+=W*z,E+=W*j,_+=W*D,A+=W*R,M+=W*V,U+=W*F,v+=W*$,S+=W*q,N+=W*G,W=e[11],p+=W*P,d+=W*O,m+=W*C,g+=W*H,K+=W*X,b+=W*Y,w+=W*I,E+=W*z,_+=W*j,A+=W*D,M+=W*R,U+=W*V,v+=W*F,S+=W*$,N+=W*q,L+=W*G,W=e[12],d+=W*P,m+=W*O,g+=W*C,K+=W*H,b+=W*X,w+=W*Y,E+=W*I,_+=W*z,A+=W*j,M+=W*D,U+=W*R,v+=W*V,S+=W*F,N+=W*$,L+=W*q,k+=W*G,W=e[13],m+=W*P,g+=W*O,K+=W*C,b+=W*H,w+=W*X,E+=W*Y,_+=W*I,A+=W*z,M+=W*j,U+=W*D,v+=W*R,S+=W*V,N+=W*F,L+=W*$,k+=W*q,x+=W*G,W=e[14],g+=W*P,K+=W*O,b+=W*C,w+=W*H,E+=W*X,_+=W*Y,A+=W*I,M+=W*z,U+=W*j,v+=W*D,S+=W*R,N+=W*V,L+=W*F,k+=W*$,x+=W*q,T+=W*G,W=e[15],K+=W*P,b+=W*O,w+=W*C,E+=W*H,_+=W*X,A+=W*Y,M+=W*I,U+=W*z,v+=W*j,S+=W*D,N+=W*R,L+=W*V,k+=W*F,x+=W*$,T+=W*q,B+=W*G,i+=38*b,h+=38*w,r+=38*E,n+=38*_,a+=38*A,o+=38*M,l+=38*U,c+=38*v,u+=38*S,f+=38*N,y+=38*L,p+=38*k,d+=38*x,m+=38*T,g+=38*B;let Z=1;W=i+Z+65535,Z=Math.floor(W/65536),i=W-65536*Z,W=h+Z+65535,Z=Math.floor(W/65536),h=W-65536*Z,W=r+Z+65535,Z=Math.floor(W/65536),r=W-65536*Z,W=n+Z+65535,Z=Math.floor(W/65536),n=W-65536*Z,W=a+Z+65535,Z=Math.floor(W/65536),a=W-65536*Z,W=o+Z+65535,Z=Math.floor(W/65536),o=W-65536*Z,W=l+Z+65535,Z=Math.floor(W/65536),l=W-65536*Z,W=c+Z+65535,Z=Math.floor(W/65536),c=W-65536*Z,W=u+Z+65535,Z=Math.floor(W/65536),u=W-65536*Z,W=f+Z+65535,Z=Math.floor(W/65536),f=W-65536*Z,W=y+Z+65535,Z=Math.floor(W/65536),y=W-65536*Z,W=p+Z+65535,Z=Math.floor(W/65536),p=W-65536*Z,W=d+Z+65535,Z=Math.floor(W/65536),d=W-65536*Z,W=m+Z+65535,Z=Math.floor(W/65536),m=W-65536*Z,W=g+Z+65535,Z=Math.floor(W/65536),g=W-65536*Z,W=K+Z+65535,Z=Math.floor(W/65536),K=W-65536*Z,i+=Z-1+37*(Z-1),Z=1,W=i+Z+65535,Z=Math.floor(W/65536),i=W-65536*Z,W=h+Z+65535,Z=Math.floor(W/65536),h=W-65536*Z,W=r+Z+65535,Z=Math.floor(W/65536),r=W-65536*Z,W=n+Z+65535,Z=Math.floor(W/65536),n=W-65536*Z,W=a+Z+65535,Z=Math.floor(W/65536),a=W-65536*Z,W=o+Z+65535,Z=Math.floor(W/65536),o=W-65536*Z,W=l+Z+65535,Z=Math.floor(W/65536),l=W-65536*Z,W=c+Z+65535,Z=Math.floor(W/65536),c=W-65536*Z,W=u+Z+65535,Z=Math.floor(W/65536),u=W-65536*Z,W=f+Z+65535,Z=Math.floor(W/65536),f=W-65536*Z,W=y+Z+65535,Z=Math.floor(W/65536),y=W-65536*Z,W=p+Z+65535,Z=Math.floor(W/65536),p=W-65536*Z,W=d+Z+65535,Z=Math.floor(W/65536),d=W-65536*Z,W=m+Z+65535,Z=Math.floor(W/65536),m=W-65536*Z,W=g+Z+65535,Z=Math.floor(W/65536),g=W-65536*Z,W=K+Z+65535,Z=Math.floor(W/65536),K=W-65536*Z,i+=Z-1+37*(Z-1),t[0]=i,t[1]=h,t[2]=r,t[3]=n,t[4]=a,t[5]=o,t[6]=l,t[7]=c,t[8]=u,t[9]=f,t[10]=y,t[11]=p,t[12]=d,t[13]=m,t[14]=g,t[15]=K}function B(t,e){T(t,e,e)}function P(t,e,s){const i=new Uint8Array(32),h=new Float64Array(80),r=U(),n=U(),a=U(),o=U(),l=U(),c=U();for(let t=0;t<31;t++)i[t]=e[t];i[31]=127&e[31]|64,i[0]&=248,function(t,e){for(let s=0;s<16;s++)t[s]=e[2*s]+(e[2*s+1]<<8);t[15]&=32767}(h,s);for(let t=0;t<16;t++)n[t]=h[t],o[t]=r[t]=a[t]=0;r[0]=o[0]=1;for(let t=254;t>=0;--t){const e=i[t>>>3]>>>(7&t)&1;L(r,n,e),L(a,o,e),k(l,r,a),x(r,r,a),k(a,n,o),x(n,n,o),B(o,l),B(c,r),T(r,a,r),T(a,n,l),k(l,r,a),x(r,r,a),B(n,r),x(a,o,c),T(r,a,S),k(r,r,o),T(a,a,r),T(r,o,c),T(o,n,h),B(n,l),L(r,n,e),L(a,o,e)}for(let t=0;t<16;t++)h[t+16]=r[t],h[t+32]=a[t],h[t+48]=n[t],h[t+64]=o[t];const u=h.subarray(32),f=h.subarray(16);!function(t,e){const s=U();for(let t=0;t<16;t++)s[t]=e[t];for(let t=253;t>=0;t--)B(s,s),2!==t&&4!==t&&T(s,s,e);for(let e=0;e<16;e++)t[e]=s[e]}(u,u),T(f,f,u),function(t,e){const s=U(),i=U();for(let t=0;t<16;t++)i[t]=e[t];N(i),N(i),N(i);for(let t=0;t<2;t++){s[0]=i[0]-65517;for(let t=1;t<15;t++)s[t]=i[t]-65535-(s[t-1]>>16&1),s[t-1]&=65535;s[15]=i[15]-32767-(s[14]>>16&1);const t=s[15]>>16&1;s[14]&=65535,L(i,s,1-t)}for(let e=0;e<16;e++)t[2*e]=255&i[e],t[2*e+1]=i[e]>>8}(t,f)}function O(t,e){P(t,e,v)}function C(t,e){if(32!==t.length)throw new Error("bad n size");if(32!==e.length)throw new Error("bad p size");const s=new Uint8Array(32);return P(s,t,e),s}function H(t){if(32!==t.length)throw new Error("bad n size");const e=new Uint8Array(32);return O(e,t),e}S[0]=56129,S[1]=1,C.scalarLength=32,C.groupElementLength=32;var X=Object.freeze({__proto__:null,crypto_scalarmult:P,crypto_scalarmult_BYTES:32,crypto_scalarmult_SCALARBYTES:32,crypto_scalarmult_base:O,scalarMult:C,scalarMultBase:H});const Y={NAME:"25519",DHLEN:C.groupElementLength,generateKeypair(){const t=M(C.scalarLength);return{public:H(t),secret:t}},dh:(t,e)=>C(t.secret,e)};var I;function z(t,e){return t>>>e|t<<32-e}function j(t,e,s,i,h,r,n){t[e]=t[e]+t[s]+r,t[h]=z(t[h]^t[e],16),t[i]=t[i]+t[h],t[s]=z(t[s]^t[i],12),t[e]=t[e]+t[s]+n,t[h]=z(t[h]^t[e],8),t[i]=t[i]+t[h],t[s]=z(t[s]^t[i],7)}const D=Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]),R=Uint8Array.from([0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,14,10,4,8,9,15,13,6,1,12,0,2,11,7,5,3,11,8,12,0,5,2,15,13,10,14,3,6,7,1,9,4,7,9,3,1,13,12,11,14,2,6,5,10,4,0,15,8,9,0,5,7,2,4,10,15,14,1,11,12,6,8,3,13,2,12,6,10,0,11,8,3,4,13,7,5,15,14,1,9,12,5,1,15,14,13,4,10,0,7,6,3,9,2,8,11,13,11,7,14,12,1,3,9,5,0,15,4,8,6,2,10,6,15,14,9,11,3,0,8,12,2,13,7,1,4,10,5,10,2,8,4,7,6,1,5,15,11,9,14,3,12,13,0]);function V(t,e){return R[(t<<4)+e]}const F=(I=class t{static digest(e,s,i){const h=new t(s,i);return h.update(e),h.final()}constructor(e,s=t.OUTBYTES){var i;this.outlen=s,this.b=new Uint8Array(64),this.bv=new DataView(this.b.buffer),this.h=Uint32Array.from(D),this.t=new Uint32Array(2),this.c=0;const h=null!==(i=null==e?void 0:e.byteLength)&&void 0!==i?i:0;if(0==s||s>32||h>32)throw new Error("illegal BLAKE2s parameter length(s)");this.h[0]^=16842752^h<<8^s,e&&h>0&&(this.update(e),this.c=64)}update(t,e=0,s=t.byteLength){for(let i=e;i<e+s;i++)64==this.c&&(this.t[0]+=this.c,this.t[0]<this.c&&this.t[1]++,this.compress(!1),this.c=0),this.b[this.c++]=t[i]}final(t){for(this.t[0]+=this.c,this.t[0]<this.c&&this.t[1]++;this.c<64;)this.b[this.c++]=0;this.compress(!0),void 0===t&&(t=new Uint8Array(this.outlen));for(let e=0;e<this.outlen;e++)t[e]=this.h[e>>2]>>8*(3&e)&255;return t}compress(t){const e=new Uint32Array(16),s=new Uint32Array(16);for(let t=0;t<8;t++)e[t]=this.h[t],e[t+8]=D[t];e[12]^=this.t[0],e[13]^=this.t[1],t&&(e[14]=~e[14]);for(let t=0;t<16;t++)s[t]=this.bv.getUint32(t<<2,!0);for(let t=0;t<10;t++)j(e,0,4,8,12,s[V(t,0)],s[V(t,1)]),j(e,1,5,9,13,s[V(t,2)],s[V(t,3)]),j(e,2,6,10,14,s[V(t,4)],s[V(t,5)]),j(e,3,7,11,15,s[V(t,6)],s[V(t,7)]),j(e,0,5,10,15,s[V(t,8)],s[V(t,9)]),j(e,1,6,11,12,s[V(t,10)],s[V(t,11)]),j(e,2,7,8,13,s[V(t,12)],s[V(t,13)]),j(e,3,4,9,14,s[V(t,14)],s[V(t,15)]);for(let t=0;t<8;t++)this.h[t]^=e[t]^e[t+8]}},I.NAME="BLAKE2s",I.KEYBYTES=32,I.OUTBYTES=32,I.BLOCKLEN=64,I);var $=Object.freeze({__proto__:null,BLAKE2s:F});function q(t){return function(e,s,i){const h=t(e,s),r=t(h,Uint8Array.from([1])),n=t(h,f(r,Uint8Array.from([2])));switch(i){case 2:return[r,n];case 3:return[r,n,t(h,f(n,Uint8Array.from([3])))]}}}function G(t){const e=new Uint8Array(t.BLOCKLEN);e.fill(54);const s=new Uint8Array(t.BLOCKLEN);s.fill(92);const i=(i,h)=>{const r=i.byteLength>t.BLOCKLEN?t.digest(i):i,n=f(r,new Uint8Array(t.BLOCKLEN-r.byteLength));return t.digest(f(u(n,s),t.digest(f(u(n,e),h))))};return i.NAME="HMAC-"+t.NAME,i}function W(t,e){const s=new RegExp(`^Noise_([A-Za-z0-9+]+)_${t.dh.NAME}_${t.aead.NAME}_${t.hash.NAME}$`).exec(e);return null===s?null:s[1]}var Z=Object.freeze({__proto__:null,matchPattern:W});class J{constructor(t=0,e=0,s=0){this.lo=t,this.hi=e,this.extra=s}increment(){const t=this.lo,e=t+1|0;this.lo=e,e<t&&(this.hi=this.hi+1|0)}reset(t=0,e=0,s=0){this.lo=t,this.hi=e,this.extra=s}static get MAX(){return new J(4294967295,4294967295)}}function Q(t){return e=>new DataView(t.encrypt(new Uint8Array(32),e,J.MAX).buffer)}var tt=Object.freeze({__proto__:null,makeRekey:Q});class et{constructor(t,e){this.algorithms=t,this.view=null,this.nonce=new J,void 0!==e&&(this.view=new DataView(e.buffer))}encrypt(t,e){if(null===this.view)return t;const s=this.algorithms.aead.encrypt(t,this.view,this.nonce,e);return this.nonce.increment(),s}decrypt(t,e){if(null===this.view)return t;const s=this.algorithms.aead.decrypt(t,this.view,this.nonce,e);return this.nonce.increment(),s}rekey(){var t;null!==this.view&&(this.view=(null!==(t=this.algorithms.rekey)&&void 0!==t?t:Q(this.algorithms.aead))(this.view))}}var st=Object.freeze({__proto__:null,CipherState:et});class it{constructor(t,e,s,i={}){var h,r,n,a,o,l,c;this.algorithms=t,this.pattern=e,this.role=s,this.stepIndex=0,this.staticKeypair=null!==(h=i.staticKeypair)&&void 0!==h?h:this.algorithms.dh.generateKeypair(),this.remoteStaticPublicKey=null!==(r=i.remoteStaticPublicKey)&&void 0!==r?r:null,this.ephemeralKeypair=null!==(n=i.pregeneratedEphemeralKeypair)&&void 0!==n?n:this.algorithms.dh.generateKeypair(),this.remoteEphemeralPublicKey=null!==(a=i.remotePregeneratedEphemeralPublicKey)&&void 0!==a?a:null,this.preSharedKeys=i.preSharedKeys,this.preSharedKeys&&(this.preSharedKeys=this.preSharedKeys.slice(),0===this.preSharedKeys.length&&(this.preSharedKeys=void 0));const u=(new TextEncoder).encode("Noise_"+this.pattern.name+"_"+this.algorithms.dh.NAME+"_"+this.algorithms.aead.NAME+"_"+this.algorithms.hash.NAME);this.cipherState=new et(this.algorithms);{const t=this.algorithms.hash.OUTBYTES,e=u.byteLength>t?this.algorithms.hash.digest(u):u;this.chainingKey=f(e,new Uint8Array(t-e.byteLength))}this.handshakeHash=this.chainingKey,this.mixHash(null!==(o=i.prologue)&&void 0!==o?o:y),this.pattern.initiatorPreMessage.forEach((t=>this.mixHash("e"===t?this.isInitiator?this.ephemeralKeypair.public:this.remoteEphemeralPublicKey:this.isInitiator?this.staticKeypair.public:this.remoteStaticPublicKey))),this.pattern.responderPreMessage.forEach((t=>this.mixHash("e"===t?this.isInitiator?this.remoteEphemeralPublicKey:this.ephemeralKeypair.public:this.isInitiator?this.remoteStaticPublicKey:this.staticKeypair.public))),this.hkdf=null!==(l=this.algorithms.hkdf)&&void 0!==l?l:q(null!==(c=this.algorithms.hmac)&&void 0!==c?c:G(this.algorithms.hash))}get isInitiator(){return"initiator"===this.role}mixHash(t){this.handshakeHash=this.algorithms.hash.digest(f(this.handshakeHash,t))}mixKey(t){const[e,s]=this.hkdf(this.chainingKey,t,2);this.chainingKey=e,this.cipherState=new et(this.algorithms,s)}mixKeyAndHashNextPSK(){const t=this.preSharedKeys.shift(),[e,s,i]=this.hkdf(this.chainingKey,t,3);this.chainingKey=e,this.mixHash(s),this.cipherState=new et(this.algorithms,i)}encryptAndHash(t){const e=this.cipherState.encrypt(t,this.handshakeHash);return this.mixHash(e),e}decryptAndHash(t){const e=this.cipherState.decrypt(t,this.handshakeHash);return this.mixHash(t),e}_split(){if(this.stepIndex<this.pattern.messages.length)return null;{let[t,e]=this.hkdf(this.chainingKey,y,2).map((t=>new et(this.algorithms,t)));return this.isInitiator?{send:t,recv:e}:{send:e,recv:t}}}_nextStep(){if(this.stepIndex>=this.pattern.messages.length)throw new Error("Handshake already complete, cannot continue");return this.pattern.messages[this.stepIndex++]}_processKeyMixToken(t){switch(t){case"ee":this.mixKey(this.algorithms.dh.dh(this.ephemeralKeypair,this.remoteEphemeralPublicKey));break;case"es":this.mixKey(this.isInitiator?this.algorithms.dh.dh(this.ephemeralKeypair,this.remoteStaticPublicKey):this.algorithms.dh.dh(this.staticKeypair,this.remoteEphemeralPublicKey));break;case"se":this.mixKey(this.isInitiator?this.algorithms.dh.dh(this.staticKeypair,this.remoteEphemeralPublicKey):this.algorithms.dh.dh(this.ephemeralKeypair,this.remoteStaticPublicKey));break;case"ss":this.mixKey(this.algorithms.dh.dh(this.staticKeypair,this.remoteStaticPublicKey));break;case"psk":this.mixKeyAndHashNextPSK()}}writeMessage(t){const e=[];let s;if(this._nextStep().forEach((t=>{switch(t){case"e":e.push(this.ephemeralKeypair.public),this.mixHash(this.ephemeralKeypair.public),this.preSharedKeys&&this.mixKey(this.ephemeralKeypair.public);break;case"s":e.push(this.encryptAndHash(this.staticKeypair.public));break;default:this._processKeyMixToken(t)}})),e.push(this.encryptAndHash(t)),1===e.length)s=e[0];else{s=new Uint8Array(e.reduce(((t,e)=>t+e.byteLength),0));let t=0;e.forEach((e=>{s.set(e,t),t+=e.byteLength}))}return{packet:s,finished:this._split()}}readMessage(t){const e=e=>{const s=t.slice(0,e);return t=t.subarray(e),s};this._nextStep().forEach((t=>{switch(t){case"e":this.remoteEphemeralPublicKey=e(this.algorithms.dh.DHLEN),this.mixHash(this.remoteEphemeralPublicKey),this.preSharedKeys&&this.mixKey(this.remoteEphemeralPublicKey);break;case"s":this.remoteStaticPublicKey=this.decryptAndHash(e(this.algorithms.dh.DHLEN+(this.cipherState.view?16:0)));break;default:this._processKeyMixToken(t)}}));return{message:this.decryptAndHash(t),finished:this._split()}}async completeHandshake(t,e,s=(async t=>{}),i=(async()=>new Uint8Array(0))){const h=async()=>{const{packet:e,finished:s}=this.writeMessage(await i());return await t(e),s||r()},r=async()=>{const{message:t,finished:i}=this.readMessage(await e());return await s(t),i||h()};return this.isInitiator?h():r()}}var ht=Object.freeze({__proto__:null,Handshake:it});const rt={};function nt(t,e,s,i){const h={name:t,baseName:t,messages:e,initiatorPreMessage:s,responderPreMessage:i};rt[h.name]=h}function at(t){return 1===t.baseName.length}nt("I1K1",[["e","s"],["e","ee","es"],["se"]],[],["s"]),nt("I1K",[["e","es","s"],["e","ee"],["se"]],[],["s"]),nt("I1N",[["e","s"],["e","ee"],["se"]],[],[]),nt("I1X1",[["e","s"],["e","ee","s"],["se","es"]],[],[]),nt("I1X",[["e","s"],["e","ee","s","es"],["se"]],[],[]),nt("IK1",[["e","s"],["e","ee","se","es"]],[],["s"]),nt("IK",[["e","es","s","ss"],["e","ee","se"]],[],["s"]),nt("IN",[["e","s"],["e","ee","se"]],[],[]),nt("IX1",[["e","s"],["e","ee","se","s"],["es"]],[],[]),nt("IX",[["e","s"],["e","ee","se","s","es"]],[],[]),nt("K1K1",[["e"],["e","ee","es"],["se"]],["s"],["s"]),nt("K1K",[["e","es"],["e","ee"],["se"]],["s"],["s"]),nt("K1N",[["e"],["e","ee"],["se"]],["s"],[]),nt("K1X1",[["e"],["e","ee","s"],["se","es"]],["s"],[]),nt("K1X",[["e"],["e","ee","s","es"],["se"]],["s"],[]),nt("K",[["e","es","ss"]],["s"],["s"]),nt("KK1",[["e"],["e","ee","se","es"]],["s"],["s"]),nt("KK",[["e","es","ss"],["e","ee","se"]],["s"],["s"]),nt("KN",[["e"],["e","ee","se"]],["s"],[]),nt("KX1",[["e"],["e","ee","se","s"],["es"]],["s"],[]),nt("KX",[["e"],["e","ee","se","s","es"]],["s"],[]),nt("N",[["e","es"]],[],["s"]),nt("NK1",[["e"],["e","ee","es"]],[],["s"]),nt("NK",[["e","es"],["e","ee"]],[],["s"]),nt("NN",[["e"],["e","ee"]],[],[]),nt("NX1",[["e"],["e","ee","s"],["es"]],[],[]),nt("NX",[["e"],["e","ee","s","es"]],[],[]),nt("X1K1",[["e"],["e","ee","es"],["s"],["se"]],[],["s"]),nt("X1K",[["e","es"],["e","ee"],["s"],["se"]],[],["s"]),nt("X1N",[["e"],["e","ee"],["s"],["se"]],[],[]),nt("X1X1",[["e"],["e","ee","s"],["es","s"],["se"]],[],[]),nt("X1X",[["e"],["e","ee","s","es"],["s"],["se"]],[],[]),nt("X",[["e","es","s","ss"]],[],["s"]),nt("XK1",[["e"],["e","ee","es"],["s","se"]],[],["s"]),nt("XK",[["e","es"],["e","ee"],["s","se"]],[],["s"]),nt("XN",[["e"],["e","ee"],["s","se"]],[],[]),nt("XX1",[["e"],["e","ee","s"],["es","s","se"]],[],[]),nt("XX",[["e"],["e","ee","s","es"],["s","se"]],[],[]);const ot=/^([NKX]|[NKXI]1?[NKX]1?)([a-z][a-z0-9]*(\+[a-z][a-z0-9]*)*)?$/,lt=/^psk([0-9]+)$/;function ct(t){var e,s,i;const h=ot.exec(t);if(null===h)return null;const r=null!==(s=null===(e=h[2])||void 0===e?void 0:e.split("+"))&&void 0!==s?s:[];let n=null!==(i=rt[h[1]])&&void 0!==i?i:null;return n?(r.forEach((t=>n=n&&function(t,e){const s=lt.exec(e);if(null===s)return null;const i=parseInt(s[1],10),h=t.messages;return Object.assign(Object.assign({},t),{messages:0===i?[["psk",...h[0]],...h.slice(1)]:[...h.slice(0,i-1),[...h[i-1],"psk"],...h.slice(i)]})}(n,t))),n&&Object.assign(Object.assign({},n),{name:t})):null}const ut={dh:Y,aead:K,hash:F};const ft={aead:{chacha20poly1305:b},cipher:{chacha20:a},dh:{x25519:X},hash:{blake2s:$,poly1305:l},noise:{algorithms:Z,cipherstate:st,handshake:ht,patterns:Object.freeze({__proto__:null,PATTERNS:rt,isOneWay:at,lookupPattern:ct}),profiles:Object.freeze({__proto__:null,Noise_25519_ChaChaPoly_BLAKE2s:ut}),rekey:tt}};t.AuthenticationFailure=w,t.BLAKE2s=F,t.Bytes=p,t.ChaCha20=r,t.ChaCha20Poly1305_RFC8439=K,t.CipherState=et,t.Handshake=it,t.INTERNALS=ft,t.Noise_25519_ChaChaPoly_BLAKE2s=ut,t.Nonce=J,t.PATTERNS=rt,t.Poly1305=o,t.X25519=Y,t._decrypt=_,t._encrypt=E,t._randomBytes=A,t.isOneWay=at,t.lookupPattern=ct,t.makeHKDF=q,t.makeHMAC=G,t.matchPattern=W,t.randomBytes=M})); |
{ | ||
"name": "salty-crypto", | ||
"version": "0.0.5", | ||
"version": "0.1.0", | ||
"description": "Noise Protocol Framework, plus X25519/ChaCha20Poly1305/BLAKE2s code, for browser and node.js", | ||
@@ -5,0 +5,0 @@ "author": "Tony Garnock-Jones <tonyg@leastfixedpoint.com>", |
138
src/aead.ts
/// SPDX-License-Identifier: MIT | ||
/// SPDX-FileCopyrightText: Copyright © 2023 Tony Garnock-Jones <tonyg@leastfixedpoint.com> | ||
// RFC-8439 AEAD construction. | ||
import { Nonce } from './nonce'; | ||
export const AEAD_CHACHA20_POLY1305_KEYBYTES = 32; | ||
export const AEAD_CHACHA20_POLY1305_NONCEBYTES = 12; | ||
export const AEAD_CHACHA20_POLY1305_TAGBYTES = 16; | ||
export class AuthenticationFailure extends Error {} | ||
import { chacha20 } from './chacha20'; | ||
import { Poly1305 } from './poly1305'; | ||
export interface AEAD { | ||
readonly NAME: string; | ||
readonly KEYBYTES: number; | ||
readonly NONCEBYTES: number; | ||
readonly TAGBYTES: number; | ||
const PADDING = new Uint8Array(16); | ||
encrypt_detached(plaintext: Uint8Array, | ||
ciphertext: Uint8Array, | ||
messagelength: number, | ||
tag: Uint8Array, | ||
key: DataView, | ||
nonce: Nonce, | ||
associated_data?: Uint8Array): void; | ||
function pad16(p: Poly1305, unpadded_length: number) { | ||
const leftover = unpadded_length & 15; | ||
if (leftover !== 0) p.update(PADDING, 0, 16 - leftover); | ||
} | ||
encrypt(plaintext: Uint8Array, | ||
key: DataView, | ||
nonce: Nonce, | ||
associated_data?: Uint8Array): Uint8Array; | ||
function aead_tag(tag: Uint8Array, | ||
key: DataView, | ||
nonce: DataView, | ||
ciphertext: Uint8Array, | ||
cipherlength: number, | ||
associated_data?: Uint8Array) | ||
{ | ||
const mac_key = new Uint8Array(Poly1305.KEYBYTES); | ||
chacha20(key, nonce, mac_key, mac_key, 0); | ||
const p = new Poly1305(mac_key); | ||
decrypt_detached(plaintext: Uint8Array, | ||
ciphertext: Uint8Array, | ||
messagelength: number, | ||
expected_tag: Uint8Array, | ||
key: DataView, | ||
nonce: Nonce, | ||
associated_data?: Uint8Array): boolean; | ||
if (associated_data !== void 0) { | ||
p.update(associated_data, 0, associated_data.byteLength); | ||
pad16(p, associated_data.byteLength); | ||
} | ||
p.update(ciphertext, 0, cipherlength); | ||
pad16(p, cipherlength); | ||
const L = new Uint8Array(16); | ||
const Lv = new DataView(L.buffer); | ||
if (associated_data !== void 0) { | ||
Lv.setUint32(0, associated_data.byteLength, true); | ||
} | ||
Lv.setUint32(8, cipherlength, true); | ||
p.update(L, 0, L.byteLength); | ||
p.finish(tag, 0); | ||
decrypt(ciphertextAndTag: Uint8Array, | ||
key: DataView, | ||
nonce: Nonce, | ||
associated_data?: Uint8Array): Uint8Array; | ||
} | ||
export function aead_encrypt_detached( | ||
plaintext: Uint8Array, | ||
ciphertext: Uint8Array, | ||
messagelength: number, | ||
tag: Uint8Array, | ||
key: DataView, | ||
nonce: DataView, | ||
associated_data?: Uint8Array, | ||
): void { | ||
chacha20(key, nonce, plaintext, ciphertext, 1, messagelength); | ||
aead_tag(tag, key, nonce, ciphertext, messagelength, associated_data); | ||
} | ||
export function aead_encrypt( | ||
plaintext: Uint8Array, | ||
key: DataView, | ||
nonce: DataView, | ||
associated_data?: Uint8Array, | ||
): Uint8Array { | ||
const ciphertextAndTag = new Uint8Array(plaintext.byteLength + AEAD_CHACHA20_POLY1305_TAGBYTES); | ||
aead_encrypt_detached(plaintext, | ||
export function _encrypt(this: AEAD, | ||
plaintext: Uint8Array, | ||
key: DataView, | ||
nonce: Nonce, | ||
associated_data?: Uint8Array): Uint8Array | ||
{ | ||
const ciphertextAndTag = new Uint8Array(plaintext.byteLength + this.TAGBYTES); | ||
this.encrypt_detached(plaintext, | ||
ciphertextAndTag, | ||
@@ -80,34 +58,10 @@ plaintext.byteLength, | ||
// `verify` from nacl-fast.js | ||
function verify(x: Uint8Array, y: Uint8Array, n: number): number { | ||
let d = 0; | ||
for (let i = 0; i < n; i++) d |= x[i]^y[i]; | ||
return (1 & ((d - 1) >>> 8)) - 1; | ||
} | ||
export function aead_decrypt_detached(plaintext: Uint8Array, | ||
ciphertext: Uint8Array, | ||
messagelength: number, | ||
expected_tag: Uint8Array, | ||
key: DataView, | ||
nonce: DataView, | ||
associated_data?: Uint8Array): boolean | ||
export function _decrypt(this: AEAD, | ||
ciphertextAndTag: Uint8Array, | ||
key: DataView, | ||
nonce: Nonce, | ||
associated_data?: Uint8Array): Uint8Array | ||
{ | ||
const actual_tag = new Uint8Array(AEAD_CHACHA20_POLY1305_TAGBYTES); | ||
aead_tag(actual_tag, key, nonce, ciphertext, messagelength, associated_data); | ||
const ok = verify(actual_tag, expected_tag, actual_tag.byteLength) === 0; | ||
if (ok) chacha20(key, nonce, ciphertext, plaintext, 1, messagelength); | ||
return ok; | ||
} | ||
export class AuthenticationFailure extends Error {} | ||
export function aead_decrypt( | ||
ciphertextAndTag: Uint8Array, | ||
key: DataView, | ||
nonce: DataView, | ||
associated_data?: Uint8Array, | ||
): Uint8Array { | ||
const plaintext = new Uint8Array(ciphertextAndTag.byteLength - AEAD_CHACHA20_POLY1305_TAGBYTES); | ||
if (!aead_decrypt_detached(plaintext, | ||
const plaintext = new Uint8Array(ciphertextAndTag.byteLength - this.TAGBYTES); | ||
if (!this.decrypt_detached(plaintext, | ||
ciphertextAndTag, | ||
@@ -119,5 +73,7 @@ plaintext.byteLength, | ||
associated_data)) { | ||
throw new AuthenticationFailure("ChaCha20Poly1305 AEAD authentication failed"); | ||
throw new AuthenticationFailure("AEAD authentication failed"); | ||
} | ||
return plaintext; | ||
} | ||
export { ChaCha20Poly1305_RFC8439 } from './aead/chacha20poly1305'; |
/// SPDX-License-Identifier: MIT | ||
/// SPDX-FileCopyrightText: Copyright © 2023 Tony Garnock-Jones <tonyg@leastfixedpoint.com> | ||
export * as AEAD from './aead'; | ||
export * as BLAKE2 from './blake2'; | ||
export * as ChaCha20 from './chacha20'; | ||
export * as Noise from './noise'; | ||
export * as Patterns from './patterns'; | ||
export * as Poly1305 from './poly1305'; | ||
export * as NoiseProfiles from './profiles'; | ||
export * as Random from './random'; | ||
export * as X25519 from './x25519'; | ||
export * from './aead'; | ||
export * as Bytes from './bytes'; | ||
export * from './cipher'; | ||
export * from './dh'; | ||
export * from './hash'; | ||
export * from './hkdf'; | ||
export * from './hmac'; | ||
export * from './noise'; | ||
export * from './nonce'; | ||
export * from './random'; | ||
import * as chacha20poly1305 from './aead/chacha20poly1305'; | ||
import * as chacha20 from './cipher/chacha20'; | ||
import * as x25519 from './dh/x25519'; | ||
import * as blake2s from './hash/blake2s'; | ||
import * as poly1305 from './hash/poly1305'; | ||
import * as algorithms from './noise/algorithms'; | ||
import * as cipherstate from './noise/cipherstate'; | ||
import * as handshake from './noise/handshake'; | ||
import * as patterns from './noise/patterns'; | ||
import * as profiles from './noise/profiles'; | ||
import * as rekey from './noise/rekey'; | ||
export const INTERNALS = { | ||
aead: { | ||
chacha20poly1305, | ||
}, | ||
cipher: { | ||
chacha20, | ||
}, | ||
dh: { | ||
x25519, | ||
}, | ||
hash: { | ||
blake2s, | ||
poly1305, | ||
}, | ||
noise: { | ||
algorithms, | ||
cipherstate, | ||
handshake, | ||
patterns, | ||
profiles, | ||
rekey, | ||
}, | ||
}; |
380
src/noise.ts
/// SPDX-License-Identifier: MIT | ||
/// SPDX-FileCopyrightText: Copyright © 2023 Tony Garnock-Jones <tonyg@leastfixedpoint.com> | ||
export type DHKeyPair = { public: Uint8Array, secret: Uint8Array }; | ||
export class Nonce { | ||
constructor(public lo = 0, public hi = 0) {} | ||
increment() { | ||
const oldLo = this.lo; | ||
const newLo = (oldLo + 1) | 0; | ||
this.lo = newLo; | ||
if (newLo < oldLo) this.hi = (this.hi + 1) | 0; | ||
} | ||
reset(lo = 0, hi = 0) { | ||
this.lo = lo; | ||
this.hi = hi; | ||
} | ||
static get MAX(): Nonce { | ||
return new Nonce(0xffffffff, 0xffffffff); | ||
} | ||
} | ||
export function bytesXor(a: Uint8Array, b: Uint8Array): Uint8Array { | ||
const len = Math.min(a.byteLength, b.byteLength); | ||
const r = new Uint8Array(len); | ||
for (let i = 0; i < len; i++) r[i] = a[i] ^ b[i]; | ||
return r; | ||
} | ||
export function bytesAppend(a: Uint8Array, b: Uint8Array): Uint8Array { | ||
const r = new Uint8Array(a.byteLength + b.byteLength); | ||
r.set(a, 0); | ||
r.set(b, a.byteLength); | ||
return r; | ||
} | ||
const EMPTY_BYTES = new Uint8Array(0); | ||
export type HMAC = (key: Uint8Array, data: Uint8Array) => Uint8Array; | ||
function makeHMAC(algorithms: NoiseProtocolAlgorithms): HMAC { | ||
const HMAC_IPAD = new Uint8Array(algorithms.hashBlocklen()); HMAC_IPAD.fill(0x36); | ||
const HMAC_OPAD = new Uint8Array(algorithms.hashBlocklen()); HMAC_OPAD.fill(0x5c); | ||
return (key0, data) => { | ||
const key = algorithms._padOrHash(key0, algorithms.hashBlocklen()); | ||
return algorithms.hash(bytesAppend(bytesXor(key, HMAC_OPAD), | ||
algorithms.hash(bytesAppend(bytesXor(key, HMAC_IPAD), | ||
data)))); | ||
}; | ||
} | ||
export abstract class NoiseProtocolAlgorithms { | ||
readonly dhlen: number; | ||
readonly hmac: HMAC; | ||
constructor (hmac?: HMAC) { | ||
const tmp = this.generateKeypair(); | ||
this.dhlen = this.dh(tmp, tmp.public).byteLength; | ||
this.hmac = hmac ?? makeHMAC(this); | ||
} | ||
abstract dhName(): string; | ||
abstract generateKeypair(): DHKeyPair; | ||
abstract dh(kp: DHKeyPair, pk: Uint8Array): Uint8Array; | ||
abstract cipherName(): string; | ||
abstract encrypt(key: DataView, nonce: Nonce, p: Uint8Array, associated_data?: Uint8Array): Uint8Array; | ||
abstract decrypt(key: DataView, nonce: Nonce, c: Uint8Array, associated_data?: Uint8Array): Uint8Array; | ||
abstract hashName(): string; | ||
abstract hash(data: Uint8Array): Uint8Array; | ||
abstract hashBlocklen(): number; | ||
rekey(k: DataView): DataView { | ||
return new DataView(this.encrypt(k, Nonce.MAX, new Uint8Array(32)).buffer); | ||
} | ||
_padOrHash(bs0: Uint8Array, len: number): Uint8Array { | ||
const bs = bs0.byteLength > len ? this.hash(bs0) : bs0; | ||
return bytesAppend(bs, new Uint8Array(len - bs.byteLength)); | ||
} | ||
hkdf(chainingKey: Uint8Array, input: Uint8Array, numOutputs: 2): [Uint8Array, Uint8Array]; | ||
hkdf(chainingKey: Uint8Array, input: Uint8Array, numOutputs: 3): [Uint8Array, Uint8Array, Uint8Array]; | ||
hkdf(chainingKey: Uint8Array, input: Uint8Array, numOutputs: 2 | 3): Uint8Array[] { | ||
const tempKey = this.hmac(chainingKey, input); | ||
const o1 = this.hmac(tempKey, Uint8Array.from([1])); | ||
const o2 = this.hmac(tempKey, bytesAppend(o1, Uint8Array.from([2]))); | ||
switch (numOutputs) { | ||
case 2: return [o1, o2]; | ||
case 3: return [o1, o2, this.hmac(tempKey, bytesAppend(o2, Uint8Array.from([3])))]; | ||
} | ||
} | ||
matchingPattern(protocol_name: string): string | null { | ||
const r = new RegExp(`^Noise_([A-Za-z0-9+]+)_${this.dhName()}_${this.cipherName()}_${this.hashName()}$`); | ||
const m = r.exec(protocol_name); | ||
if (m === null) return null; | ||
return m[1]; | ||
} | ||
} | ||
export interface HandshakePattern { | ||
name: string; // e.g. "NNpsk2" | ||
baseName: string; // e.g. "NN" | ||
messages: Token[][]; | ||
initiatorPreMessage: PreMessage; | ||
responderPreMessage: PreMessage; | ||
} | ||
export class CipherState { | ||
view: DataView | null = null; | ||
nonce = new Nonce(); | ||
constructor (public algorithms: NoiseProtocolAlgorithms, | ||
key?: Uint8Array) | ||
{ | ||
if (key !== void 0) this.view = new DataView(key.buffer); | ||
} | ||
encrypt(plaintext: Uint8Array, associated_data?: Uint8Array): Uint8Array { | ||
if (this.view === null) return plaintext; | ||
const ciphertext = this.algorithms.encrypt(this.view, this.nonce, plaintext, associated_data); | ||
this.nonce.increment(); | ||
return ciphertext; | ||
} | ||
decrypt(ciphertext: Uint8Array, associated_data?: Uint8Array): Uint8Array { | ||
if (this.view === null) return ciphertext; | ||
const plaintext = this.algorithms.decrypt(this.view, this.nonce, ciphertext, associated_data); | ||
this.nonce.increment(); | ||
return plaintext; | ||
} | ||
rekey() { | ||
if (this.view === null) return; | ||
this.view = this.algorithms.rekey(this.view); | ||
} | ||
} | ||
export type Role = 'initiator' | 'responder'; | ||
export type NoiseProtocolOptions = { | ||
prologue?: Uint8Array, | ||
staticKeypair?: DHKeyPair, | ||
remoteStaticPublicKey?: Uint8Array, | ||
pregeneratedEphemeralKeypair?: DHKeyPair, | ||
remotePregeneratedEphemeralPublicKey?: Uint8Array, | ||
preSharedKeys?: Uint8Array[], | ||
}; | ||
export type KeyTransferToken = 'e' | 's'; | ||
export type KeyMixToken = 'ee' | 'es' | 'se' | 'ss' | 'psk'; | ||
export type Token = KeyTransferToken | KeyMixToken; | ||
export type PreMessage = ['e'] | ['s'] | ['e', 's'] | []; | ||
export type TransportState = { send: CipherState, recv: CipherState }; | ||
export class NoiseHandshake { | ||
staticKeypair: DHKeyPair; | ||
remoteStaticPublicKey: Uint8Array | null; | ||
ephemeralKeypair: DHKeyPair; | ||
remoteEphemeralPublicKey: Uint8Array | null; | ||
preSharedKeys?: Uint8Array[]; | ||
stepIndex = 0; | ||
cipherState: CipherState; | ||
chainingKey: Uint8Array; | ||
handshakeHash: Uint8Array; | ||
constructor (public algorithms: NoiseProtocolAlgorithms, | ||
public pattern: HandshakePattern, | ||
public role: Role, | ||
options: NoiseProtocolOptions = {}) | ||
{ | ||
this.staticKeypair = options.staticKeypair ?? this.algorithms.generateKeypair(); | ||
this.remoteStaticPublicKey = options.remoteStaticPublicKey ?? null; | ||
this.ephemeralKeypair = options.pregeneratedEphemeralKeypair ?? this.algorithms.generateKeypair(); | ||
this.remoteEphemeralPublicKey = options.remotePregeneratedEphemeralPublicKey ?? null; | ||
this.preSharedKeys = options.preSharedKeys; | ||
if (this.preSharedKeys) { | ||
this.preSharedKeys = this.preSharedKeys.slice(); | ||
if (this.preSharedKeys.length === 0) this.preSharedKeys = void 0; | ||
} | ||
const protocolName = new TextEncoder().encode( | ||
'Noise_' + this.pattern.name + | ||
'_' + this.algorithms.dhName() + | ||
'_' + this.algorithms.cipherName() + | ||
'_' + this.algorithms.hashName()); | ||
this.cipherState = new CipherState(this.algorithms); | ||
this.chainingKey = this.algorithms._padOrHash( | ||
protocolName, | ||
this.algorithms.hash(EMPTY_BYTES).byteLength); | ||
this.handshakeHash = this.chainingKey; | ||
this.mixHash(options.prologue ?? EMPTY_BYTES); | ||
this.pattern.initiatorPreMessage.forEach(t => this.mixHash(t === 'e' | ||
? (this.isInitiator ? this.ephemeralKeypair.public : this.remoteEphemeralPublicKey!) | ||
: (this.isInitiator ? this.staticKeypair.public : this.remoteStaticPublicKey!))); | ||
this.pattern.responderPreMessage.forEach(t => this.mixHash(t === 'e' | ||
? (!this.isInitiator ? this.ephemeralKeypair.public : this.remoteEphemeralPublicKey!) | ||
: (!this.isInitiator ? this.staticKeypair.public : this.remoteStaticPublicKey!))); | ||
} | ||
get isInitiator(): boolean { | ||
return this.role === 'initiator'; | ||
} | ||
mixHash(data: Uint8Array) { | ||
this.handshakeHash = this.algorithms.hash(bytesAppend(this.handshakeHash, data)); | ||
} | ||
mixKey(input: Uint8Array) { | ||
const [newCk, k] = this.algorithms.hkdf(this.chainingKey, input, 2); | ||
this.chainingKey = newCk; | ||
this.cipherState = new CipherState(this.algorithms, k); | ||
} | ||
mixKeyAndHashNextPSK() { | ||
const psk = this.preSharedKeys!.shift()!; | ||
const [newCk, tempH, k] = this.algorithms.hkdf(this.chainingKey, psk, 3); | ||
this.chainingKey = newCk; | ||
this.mixHash(tempH); | ||
this.cipherState = new CipherState(this.algorithms, k); | ||
} | ||
encryptAndHash(p: Uint8Array) { | ||
const c = this.cipherState.encrypt(p, this.handshakeHash); | ||
this.mixHash(c); | ||
return c; | ||
} | ||
decryptAndHash(c: Uint8Array) { | ||
const p = this.cipherState.decrypt(c, this.handshakeHash); | ||
this.mixHash(c); | ||
return p; | ||
} | ||
_split(): TransportState | null { | ||
if (this.stepIndex < this.pattern.messages.length) { | ||
return null; | ||
} else { | ||
let [kI, kR] = this.algorithms.hkdf(this.chainingKey, EMPTY_BYTES, 2) | ||
.map(k => new CipherState(this.algorithms, k)); | ||
return this.isInitiator ? { send: kI, recv: kR } : { send: kR, recv: kI }; | ||
} | ||
} | ||
_nextStep(): Token[] { | ||
if (this.stepIndex >= this.pattern.messages.length) { | ||
throw new Error("Handshake already complete, cannot continue"); | ||
} | ||
return this.pattern.messages[this.stepIndex++]; | ||
} | ||
_processKeyMixToken(t: KeyMixToken) { | ||
switch (t) { | ||
case 'ee': | ||
this.mixKey(this.algorithms.dh(this.ephemeralKeypair, this.remoteEphemeralPublicKey!)); | ||
break; | ||
case 'es': | ||
this.mixKey(this.isInitiator | ||
? this.algorithms.dh(this.ephemeralKeypair, this.remoteStaticPublicKey!) | ||
: this.algorithms.dh(this.staticKeypair, this.remoteEphemeralPublicKey!)); | ||
break; | ||
case 'se': | ||
this.mixKey(!this.isInitiator | ||
? this.algorithms.dh(this.ephemeralKeypair, this.remoteStaticPublicKey!) | ||
: this.algorithms.dh(this.staticKeypair, this.remoteEphemeralPublicKey!)); | ||
break; | ||
case 'ss': | ||
this.mixKey(this.algorithms.dh(this.staticKeypair, this.remoteStaticPublicKey!)); | ||
break; | ||
case 'psk': | ||
this.mixKeyAndHashNextPSK(); | ||
break; | ||
} | ||
} | ||
writeMessage(payload: Uint8Array): { packet: Uint8Array, finished: TransportState | null } { | ||
const pieces = []; | ||
this._nextStep().forEach(t => { | ||
switch (t) { | ||
case 'e': | ||
pieces.push(this.ephemeralKeypair.public); | ||
this.mixHash(this.ephemeralKeypair.public); | ||
if (this.preSharedKeys) this.mixKey(this.ephemeralKeypair.public); | ||
break; | ||
case 's': | ||
pieces.push(this.encryptAndHash(this.staticKeypair.public)); | ||
break; | ||
default: | ||
this._processKeyMixToken(t); | ||
break; | ||
} | ||
}); | ||
pieces.push(this.encryptAndHash(payload)); | ||
let packet: Uint8Array; | ||
if (pieces.length === 1) { | ||
packet = pieces[0]; | ||
} else { | ||
packet = new Uint8Array(pieces.reduce((ac, p) => ac + p.byteLength, 0)); | ||
let offset = 0; | ||
pieces.forEach(p => { packet.set(p, offset); offset += p.byteLength; }); | ||
} | ||
return { packet, finished: this._split() }; | ||
} | ||
readMessage(packet: Uint8Array): { message: Uint8Array, finished: TransportState | null } { | ||
const take = (n: number): Uint8Array => { | ||
const bs = packet.slice(0, n); | ||
packet = packet.subarray(n); | ||
return bs; | ||
}; | ||
this._nextStep().forEach(t => { | ||
switch (t) { | ||
case 'e': | ||
this.remoteEphemeralPublicKey = take(this.algorithms.dhlen); | ||
this.mixHash(this.remoteEphemeralPublicKey); | ||
if (this.preSharedKeys) this.mixKey(this.remoteEphemeralPublicKey); | ||
break; | ||
case 's': | ||
this.remoteStaticPublicKey = this.decryptAndHash(take( | ||
this.algorithms.dhlen + (this.cipherState.view ? 16 : 0))); | ||
break; | ||
default: | ||
this._processKeyMixToken(t); | ||
break; | ||
} | ||
}); | ||
const message = this.decryptAndHash(packet); | ||
return { message, finished: this._split() }; | ||
} | ||
async completeHandshake(writePacket: (packet: Uint8Array) => Promise<void>, | ||
readPacket: () => Promise<Uint8Array>, | ||
handleMessage = async (_m: Uint8Array): Promise<void> => {}, | ||
produceMessage = async (): Promise<Uint8Array> => new Uint8Array(0)) | ||
: Promise<TransportState> | ||
{ | ||
const W = async (): Promise<TransportState> => { | ||
const { packet, finished } = this.writeMessage(await produceMessage()); | ||
await writePacket(packet); | ||
return finished || R(); | ||
}; | ||
const R = async (): Promise<TransportState> => { | ||
const { message, finished } = this.readMessage(await readPacket()); | ||
await handleMessage(message); | ||
return finished || W(); | ||
}; | ||
return (this.isInitiator ? W() : R()); | ||
} | ||
} | ||
export { Algorithms, matchPattern } from './noise/algorithms'; | ||
export { CipherState } from './noise/cipherstate'; | ||
export { Role, HandshakeOptions, TransportState, Handshake } from './noise/handshake'; | ||
export { | ||
HandshakePattern, | ||
KeyMixToken, | ||
KeyTransferToken, | ||
PATTERNS, | ||
PreMessage, | ||
Token, | ||
isOneWay, | ||
lookupPattern, | ||
} from './noise/patterns'; | ||
export { Noise_25519_ChaChaPoly_BLAKE2s } from './noise/profiles'; | ||
export { Rekey } from './noise/rekey'; |
@@ -1,3 +0,2 @@ | ||
import { AEAD } from '../../dist/salty-crypto.js'; | ||
const { AEAD_CHACHA20_POLY1305_TAGBYTES, aead_encrypt_detached, aead_decrypt_detached } = AEAD; | ||
import { ChaCha20Poly1305_RFC8439, Nonce } from '../../dist/salty-crypto.js'; | ||
import { it, expect } from '../harness'; | ||
@@ -21,6 +20,3 @@ | ||
const nonce = new DataView(new Uint8Array([ | ||
0x07, 0x00, 0x00, 0x00, | ||
0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, | ||
]).buffer); | ||
const nonce = new Nonce(0x43424140, 0x47464544, 0x7); | ||
@@ -38,4 +34,5 @@ const expectedEncrypted = new Uint8Array([ | ||
const tag = new Uint8Array(AEAD_CHACHA20_POLY1305_TAGBYTES); | ||
aead_encrypt_detached(sunscreen, sunscreen, sunscreen.byteLength, tag, key, nonce, associated_data); | ||
const tag = new Uint8Array(ChaCha20Poly1305_RFC8439.TAGBYTES); | ||
ChaCha20Poly1305_RFC8439.encrypt_detached( | ||
sunscreen, sunscreen, sunscreen.byteLength, tag, key, nonce, associated_data); | ||
expect(sunscreen).toEqual(expectedEncrypted); | ||
@@ -48,8 +45,11 @@ expect(tag).toEqual(new Uint8Array([ | ||
const sunscreen2 = Uint8Array.from(sunscreen); | ||
expect(aead_decrypt_detached(sunscreen2, sunscreen2, sunscreen2.byteLength, tag, key, nonce, associated_data)).toBe(true); | ||
expect(ChaCha20Poly1305_RFC8439.decrypt_detached( | ||
sunscreen2, sunscreen2, sunscreen2.byteLength, tag, key, nonce, associated_data)) | ||
.toBe(true); | ||
expect(new TextDecoder().decode(sunscreen2)).toBe(sunscreen_str); | ||
tag[0]++; | ||
expect(aead_decrypt_detached(sunscreen, sunscreen, sunscreen.byteLength, tag, key, nonce, associated_data)).toBe(false); | ||
expect(ChaCha20Poly1305_RFC8439.decrypt_detached( | ||
sunscreen, sunscreen, sunscreen.byteLength, tag, key, nonce, associated_data)).toBe(false); | ||
expect(sunscreen).toEqual(expectedEncrypted); | ||
}); |
@@ -1,3 +0,2 @@ | ||
import { BLAKE2 } from '../../dist/salty-crypto.js'; | ||
const { BLAKE2s } = BLAKE2; | ||
import { BLAKE2s } from '../../dist/salty-crypto.js'; | ||
import { it, expect } from '../harness'; | ||
@@ -31,4 +30,4 @@ | ||
const input = seq(inlen, inlen); | ||
ctx.update(BLAKE2s.digest(input, outlen)); | ||
ctx.update(BLAKE2s.digest(input, outlen, seq(outlen, outlen))); | ||
ctx.update(BLAKE2s.digest(input, void 0, outlen)); | ||
ctx.update(BLAKE2s.digest(input, seq(outlen, outlen), outlen)); | ||
}); | ||
@@ -35,0 +34,0 @@ }); |
@@ -1,2 +0,3 @@ | ||
import { ChaCha20 as ChaCha } from '../../dist/salty-crypto.js'; | ||
import { ChaCha20, INTERNALS, Nonce } from '../../dist/salty-crypto.js'; | ||
const { chacha20_quarter_round, chacha20_block } = INTERNALS.cipher.chacha20; | ||
import { it, expect } from '../harness'; | ||
@@ -10,3 +11,3 @@ | ||
s[3] = 0x01234567; | ||
ChaCha.chacha20_quarter_round(s, 0, 1, 2, 3); | ||
chacha20_quarter_round(s, 0, 1, 2, 3); | ||
expect(Array.from(s)).toEqual([0xea2a92f4, 0xcb1cf8ce, 0x4581472e, 0x5881c4bb]); | ||
@@ -22,3 +23,3 @@ }); | ||
]); | ||
ChaCha.chacha20_quarter_round(s, 2, 7, 8, 13); | ||
chacha20_quarter_round(s, 2, 7, 8, 13); | ||
expect(s).toEqual(Uint32Array.from([ | ||
@@ -33,7 +34,7 @@ 0x879531e0, 0xc5ecf37d, 0xbdb886dc, 0xc9a62f8a, | ||
it('chacha20_block', () => { | ||
const key8 = new Uint8Array(ChaCha.CHACHA20_KEYBYTES); | ||
const key8 = new Uint8Array(ChaCha20.KEYBYTES); | ||
for (let i = 0; i < key8.length; i++) key8[i] = i; | ||
const key = new DataView(key8.buffer); | ||
const nonce8 = new Uint8Array(ChaCha.CHACHA20_NONCEBYTES); | ||
const nonce8 = new Uint8Array(ChaCha20.NONCEBYTES); | ||
nonce8[3] = 0x09; | ||
@@ -45,3 +46,3 @@ nonce8[7] = 0x4a; | ||
const output = ChaCha.chacha20_block(key, block, nonce); | ||
const output = chacha20_block(key, block, nonce); | ||
expect(output).toEqual(Uint32Array.from([ | ||
@@ -56,9 +57,7 @@ 0xe4e7f110, 0x15593bd1, 0x1fdd0f50, 0xc47120a3, | ||
it('chacha20', () => { | ||
const key8 = new Uint8Array(ChaCha.CHACHA20_KEYBYTES); | ||
const key8 = new Uint8Array(ChaCha20.KEYBYTES); | ||
for (let i = 0; i < key8.length; i++) key8[i] = i; | ||
const key = new DataView(key8.buffer); | ||
const nonce8 = new Uint8Array(ChaCha.CHACHA20_NONCEBYTES); | ||
nonce8[7] = 0x4a; | ||
const nonce = new DataView(nonce8.buffer); | ||
const nonce = new Nonce(0x4a000000, 0, 0); | ||
@@ -71,3 +70,3 @@ const initial_counter = 1; | ||
ChaCha.chacha20(key, nonce, sunscreen, output, initial_counter); | ||
ChaCha20.stream_xor(key, nonce, sunscreen, output, initial_counter); | ||
expect(output).toEqual(Uint8Array.from([ | ||
@@ -85,4 +84,4 @@ 0x6e, 0x2e, 0x35, 0x9a, 0x25, 0x68, 0xf9, 0x80, 0x41, 0xba, 0x07, 0x28, 0xdd, 0x0d, 0x69, 0x81, | ||
// Test in-place encryption | ||
ChaCha.chacha20(key, nonce, sunscreen, sunscreen, initial_counter); | ||
ChaCha20.stream_xor(key, nonce, sunscreen, sunscreen, initial_counter); | ||
expect(sunscreen).toEqual(output); | ||
}); |
@@ -1,14 +0,12 @@ | ||
import { Noise, Patterns, NoiseProfiles, X25519 } from '../../dist/salty-crypto.js'; | ||
type DHKeyPair = Noise.DHKeyPair; | ||
type TransportState = Noise.TransportState; | ||
type NoiseProtocolAlgorithms = Noise.NoiseProtocolAlgorithms; | ||
const { NoiseHandshake } = Noise; | ||
const { isOneWay, lookupPattern } = Patterns; | ||
const { Noise_25519_ChaChaPoly_BLAKE2s } = NoiseProfiles; | ||
const { scalarMultBase } = X25519; | ||
import { | ||
Algorithms, | ||
DHKeyPair, | ||
Handshake, | ||
INTERNALS, | ||
Noise_25519_ChaChaPoly_BLAKE2s, | ||
TransportState, | ||
isOneWay, | ||
lookupPattern, | ||
matchPattern, | ||
} from '../../dist/salty-crypto.js'; | ||
import { describe, it, expect } from '../harness'; | ||
@@ -78,3 +76,3 @@ | ||
return { | ||
public: scalarMultBase(sk), | ||
public: INTERNALS.dh.x25519.scalarMultBase(sk), | ||
secret: sk, | ||
@@ -86,5 +84,5 @@ }; | ||
async function testsuite_test(t: Test, algorithms: NoiseProtocolAlgorithms) { | ||
async function testsuite_test(t: Test, algorithms: Algorithms) { | ||
const isOld = 'name' in t; | ||
const patternName = algorithms.matchingPattern(isOld ? t.name : t.protocol_name); | ||
const patternName = matchPattern(algorithms, isOld ? t.name : t.protocol_name); | ||
if (!patternName) return; | ||
@@ -96,3 +94,3 @@ const pattern = lookupPattern(patternName); | ||
await it(pattern.name, async () => { | ||
const I = new NoiseHandshake(algorithms, pattern, 'initiator', { | ||
const I = new Handshake(algorithms, pattern, 'initiator', { | ||
prologue: unhex(t.init_prologue), | ||
@@ -104,3 +102,3 @@ staticKeypair: skToKeypair(unhex(t.init_static)), | ||
}); | ||
const R = new NoiseHandshake(algorithms, pattern, 'responder', { | ||
const R = new Handshake(algorithms, pattern, 'responder', { | ||
prologue: unhex(t.resp_prologue), | ||
@@ -144,3 +142,3 @@ staticKeypair: skToKeypair(unhex(t.resp_static)), | ||
(async () => { | ||
const algorithms = new Noise_25519_ChaChaPoly_BLAKE2s(); | ||
const algorithms = Noise_25519_ChaChaPoly_BLAKE2s; | ||
const load = (n: string) => JSON.parse(fs.readFileSync(path.join('test-vectors', n), 'utf-8')); | ||
@@ -147,0 +145,0 @@ |
@@ -1,3 +0,2 @@ | ||
import { Poly1305 as P } from '../../dist/salty-crypto.js'; | ||
const { Poly1305 } = P; | ||
import { Poly1305 } from '../../dist/salty-crypto.js'; | ||
@@ -14,3 +13,3 @@ import { it, expect } from '../harness'; | ||
const message = new TextEncoder().encode("Cryptographic Forum Research Group"); | ||
expect(Poly1305.digest(key, message)).toEqual(Uint8Array.from([ | ||
expect(Poly1305.digest(message, key)).toEqual(Uint8Array.from([ | ||
0xa8, 0x06, 0x1d, 0xc1, 0x30, 0x51, 0x36, 0xc6, | ||
@@ -17,0 +16,0 @@ 0xc2, 0x2b, 0x8b, 0xaf, 0x0c, 0x01, 0x27, 0xa9, |
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
1725003
40
2702
1