salty-crypto
Advanced tools
salty-crypto - npm Package Compare versions
Comparing version 0.0.5 to 0.1.0
@@ -1,82 +0,76 @@ | ||
| declare const AEAD_CHACHA20_POLY1305_KEYBYTES = 32; | ||
| declare const AEAD_CHACHA20_POLY1305_NONCEBYTES = 12; | ||
| declare const AEAD_CHACHA20_POLY1305_TAGBYTES = 16; | ||
| declare function aead_encrypt_detached(plaintext: Uint8Array, ciphertext: Uint8Array, messagelength: number, tag: Uint8Array, key: DataView, nonce: DataView, associated_data?: Uint8Array): void; | ||
| declare function aead_encrypt(plaintext: Uint8Array, key: DataView, nonce: DataView, associated_data?: Uint8Array): Uint8Array; | ||
| declare function aead_decrypt_detached(plaintext: Uint8Array, ciphertext: Uint8Array, messagelength: number, expected_tag: Uint8Array, key: DataView, nonce: DataView, associated_data?: Uint8Array): boolean; | ||
| declare class AuthenticationFailure extends Error { | ||
| declare class Nonce { | ||
| lo: number; | ||
| hi: number; | ||
| extra: number; | ||
| constructor(lo?: number, hi?: number, extra?: number); | ||
| increment(): void; | ||
| reset(lo?: number, hi?: number, extra?: number): void; | ||
| static get MAX(): Nonce; | ||
| } | ||
| declare function aead_decrypt(ciphertextAndTag: Uint8Array, key: DataView, nonce: DataView, associated_data?: Uint8Array): Uint8Array; | ||
| declare const aead_d_AEAD_CHACHA20_POLY1305_KEYBYTES: typeof AEAD_CHACHA20_POLY1305_KEYBYTES; | ||
| declare const aead_d_AEAD_CHACHA20_POLY1305_NONCEBYTES: typeof AEAD_CHACHA20_POLY1305_NONCEBYTES; | ||
| declare const aead_d_AEAD_CHACHA20_POLY1305_TAGBYTES: typeof AEAD_CHACHA20_POLY1305_TAGBYTES; | ||
| type aead_d_AuthenticationFailure = AuthenticationFailure; | ||
| declare const aead_d_AuthenticationFailure: typeof AuthenticationFailure; | ||
| declare const aead_d_aead_decrypt: typeof aead_decrypt; | ||
| declare const aead_d_aead_decrypt_detached: typeof aead_decrypt_detached; | ||
| declare const aead_d_aead_encrypt: typeof aead_encrypt; | ||
| declare const aead_d_aead_encrypt_detached: typeof aead_encrypt_detached; | ||
| declare namespace aead_d { | ||
| declare const ChaCha20Poly1305_RFC8439: AEAD; | ||
| declare const chacha20poly1305_ChaCha20Poly1305_RFC8439: typeof ChaCha20Poly1305_RFC8439; | ||
| declare namespace chacha20poly1305 { | ||
| export { | ||
| aead_d_AEAD_CHACHA20_POLY1305_KEYBYTES as AEAD_CHACHA20_POLY1305_KEYBYTES, | ||
| aead_d_AEAD_CHACHA20_POLY1305_NONCEBYTES as AEAD_CHACHA20_POLY1305_NONCEBYTES, | ||
| aead_d_AEAD_CHACHA20_POLY1305_TAGBYTES as AEAD_CHACHA20_POLY1305_TAGBYTES, | ||
| aead_d_AuthenticationFailure as AuthenticationFailure, | ||
| aead_d_aead_decrypt as aead_decrypt, | ||
| aead_d_aead_decrypt_detached as aead_decrypt_detached, | ||
| aead_d_aead_encrypt as aead_encrypt, | ||
| aead_d_aead_encrypt_detached as aead_encrypt_detached, | ||
| chacha20poly1305_ChaCha20Poly1305_RFC8439 as ChaCha20Poly1305_RFC8439, | ||
| }; | ||
| } | ||
| declare class BLAKE2s { | ||
| outlen: number; | ||
| static readonly KEYBYTES = 32; | ||
| static readonly OUTBYTES = 32; | ||
| static readonly BLOCKLEN = 64; | ||
| b: Uint8Array; | ||
| bv: DataView; | ||
| h: Uint32Array; | ||
| t: Uint32Array; | ||
| c: number; | ||
| static digest(input: Uint8Array, outlen?: number, key?: Uint8Array): Uint8Array; | ||
| constructor(outlen?: number, key?: Uint8Array); | ||
| update(input: Uint8Array): void; | ||
| final(output?: Uint8Array): Uint8Array; | ||
| compress(last: boolean): void; | ||
| declare class AuthenticationFailure extends Error { | ||
| } | ||
| interface AEAD { | ||
| readonly NAME: string; | ||
| readonly KEYBYTES: number; | ||
| readonly NONCEBYTES: number; | ||
| readonly TAGBYTES: number; | ||
| encrypt_detached(plaintext: Uint8Array, ciphertext: Uint8Array, messagelength: number, tag: Uint8Array, key: DataView, nonce: Nonce, associated_data?: Uint8Array): void; | ||
| encrypt(plaintext: Uint8Array, key: DataView, nonce: Nonce, associated_data?: Uint8Array): Uint8Array; | ||
| decrypt_detached(plaintext: Uint8Array, ciphertext: Uint8Array, messagelength: number, expected_tag: Uint8Array, key: DataView, nonce: Nonce, associated_data?: Uint8Array): boolean; | ||
| decrypt(ciphertextAndTag: Uint8Array, key: DataView, nonce: Nonce, associated_data?: Uint8Array): Uint8Array; | ||
| } | ||
| declare function _encrypt(this: AEAD, plaintext: Uint8Array, key: DataView, nonce: Nonce, associated_data?: Uint8Array): Uint8Array; | ||
| declare function _decrypt(this: AEAD, ciphertextAndTag: Uint8Array, key: DataView, nonce: Nonce, associated_data?: Uint8Array): Uint8Array; | ||
| type blake2_d_BLAKE2s = BLAKE2s; | ||
| declare const blake2_d_BLAKE2s: typeof BLAKE2s; | ||
| declare namespace blake2_d { | ||
| declare function equal(x: Uint8Array, y: Uint8Array, n: number): boolean; | ||
| declare function xor(a: Uint8Array, b: Uint8Array): Uint8Array; | ||
| declare function append(a: Uint8Array, b: Uint8Array): Uint8Array; | ||
| declare const EMPTY: Uint8Array; | ||
| declare const bytes_d_EMPTY: typeof EMPTY; | ||
| declare const bytes_d_append: typeof append; | ||
| declare const bytes_d_equal: typeof equal; | ||
| declare const bytes_d_xor: typeof xor; | ||
| declare namespace bytes_d { | ||
| export { | ||
| blake2_d_BLAKE2s as BLAKE2s, | ||
| bytes_d_EMPTY as EMPTY, | ||
| bytes_d_append as append, | ||
| bytes_d_equal as equal, | ||
| bytes_d_xor as xor, | ||
| }; | ||
| } | ||
| declare const CHACHA20_KEYBYTES = 32; | ||
| declare const CHACHA20_NONCEBYTES = 12; | ||
| declare const CHACHA20_BLOCKBYTES = 64; | ||
| declare function chacha20_quarter_round(s: Uint32Array, a: number, b: number, c: number, d: number): void; | ||
| declare function chacha20_block(key: DataView, block: number, nonce: DataView): Uint32Array; | ||
| declare function chacha20(key: DataView, nonce: DataView, input: Uint8Array, output: Uint8Array, initial_counter?: number, messagelength?: number): void; | ||
| declare const ChaCha20: StreamCipher; | ||
| declare const chacha20_d_CHACHA20_BLOCKBYTES: typeof CHACHA20_BLOCKBYTES; | ||
| declare const chacha20_d_CHACHA20_KEYBYTES: typeof CHACHA20_KEYBYTES; | ||
| declare const chacha20_d_CHACHA20_NONCEBYTES: typeof CHACHA20_NONCEBYTES; | ||
| declare const chacha20_d_chacha20: typeof chacha20; | ||
| declare const chacha20_d_chacha20_block: typeof chacha20_block; | ||
| declare const chacha20_d_chacha20_quarter_round: typeof chacha20_quarter_round; | ||
| declare namespace chacha20_d { | ||
| declare const chacha20_ChaCha20: typeof ChaCha20; | ||
| declare const chacha20_chacha20_block: typeof chacha20_block; | ||
| declare const chacha20_chacha20_quarter_round: typeof chacha20_quarter_round; | ||
| declare namespace chacha20 { | ||
| export { | ||
| chacha20_d_CHACHA20_BLOCKBYTES as CHACHA20_BLOCKBYTES, | ||
| chacha20_d_CHACHA20_KEYBYTES as CHACHA20_KEYBYTES, | ||
| chacha20_d_CHACHA20_NONCEBYTES as CHACHA20_NONCEBYTES, | ||
| chacha20_d_chacha20 as chacha20, | ||
| chacha20_d_chacha20_block as chacha20_block, | ||
| chacha20_d_chacha20_quarter_round as chacha20_quarter_round, | ||
| chacha20_ChaCha20 as ChaCha20, | ||
| chacha20_chacha20_block as chacha20_block, | ||
| chacha20_chacha20_quarter_round as chacha20_quarter_round, | ||
| }; | ||
| } | ||
| interface StreamCipher { | ||
| readonly NAME: string; | ||
| readonly KEYBYTES: number; | ||
| readonly NONCEBYTES: number; | ||
| readonly BLOCKBYTES: number; | ||
| stream_xor(key: DataView, nonce: Nonce, input: Uint8Array, output: Uint8Array, initial_counter?: number, messagelength?: number): void; | ||
| } | ||
| type DHKeyPair = { | ||
@@ -86,44 +80,123 @@ public: Uint8Array; | ||
| }; | ||
| declare class Nonce { | ||
| lo: number; | ||
| hi: number; | ||
| constructor(lo?: number, hi?: number); | ||
| increment(): void; | ||
| reset(lo?: number, hi?: number): void; | ||
| static get MAX(): Nonce; | ||
| interface DH { | ||
| readonly NAME: string; | ||
| readonly DHLEN: number; | ||
| generateKeypair(): DHKeyPair; | ||
| dh(kp: DHKeyPair, pk: Uint8Array): Uint8Array; | ||
| } | ||
| declare function bytesXor(a: Uint8Array, b: Uint8Array): Uint8Array; | ||
| declare function bytesAppend(a: Uint8Array, b: Uint8Array): Uint8Array; | ||
| type HMAC = (key: Uint8Array, data: Uint8Array) => Uint8Array; | ||
| declare abstract class NoiseProtocolAlgorithms { | ||
| readonly dhlen: number; | ||
| readonly hmac: HMAC; | ||
| constructor(hmac?: HMAC); | ||
| abstract dhName(): string; | ||
| abstract generateKeypair(): DHKeyPair; | ||
| abstract dh(kp: DHKeyPair, pk: Uint8Array): Uint8Array; | ||
| abstract cipherName(): string; | ||
| abstract encrypt(key: DataView, nonce: Nonce, p: Uint8Array, associated_data?: Uint8Array): Uint8Array; | ||
| abstract decrypt(key: DataView, nonce: Nonce, c: Uint8Array, associated_data?: Uint8Array): Uint8Array; | ||
| abstract hashName(): string; | ||
| abstract hash(data: Uint8Array): Uint8Array; | ||
| abstract hashBlocklen(): number; | ||
| rekey(k: DataView): DataView; | ||
| _padOrHash(bs0: Uint8Array, len: number): Uint8Array; | ||
| hkdf(chainingKey: Uint8Array, input: Uint8Array, numOutputs: 2): [Uint8Array, Uint8Array]; | ||
| hkdf(chainingKey: Uint8Array, input: Uint8Array, numOutputs: 3): [Uint8Array, Uint8Array, Uint8Array]; | ||
| matchingPattern(protocol_name: string): string | null; | ||
| declare const X25519: DH; | ||
| declare const BLAKE2s: { | ||
| new (key?: Uint8Array, outlen?: number): { | ||
| b: Uint8Array; | ||
| bv: DataView; | ||
| h: Uint32Array; | ||
| t: Uint32Array; | ||
| c: number; | ||
| outlen: number; | ||
| update(input: Uint8Array, offset?: number, length?: number): void; | ||
| final(output?: Uint8Array): Uint8Array; | ||
| compress(last: boolean): void; | ||
| }; | ||
| readonly NAME: "BLAKE2s"; | ||
| readonly KEYBYTES: 32; | ||
| readonly OUTBYTES: 32; | ||
| readonly BLOCKLEN: 64; | ||
| digest(input: Uint8Array, key?: Uint8Array, outlen?: number): Uint8Array; | ||
| }; | ||
| declare const blake2s_BLAKE2s: typeof BLAKE2s; | ||
| declare namespace blake2s { | ||
| export { | ||
| blake2s_BLAKE2s as BLAKE2s, | ||
| }; | ||
| } | ||
| interface HandshakePattern { | ||
| name: string; | ||
| baseName: string; | ||
| messages: Token[][]; | ||
| initiatorPreMessage: PreMessage; | ||
| responderPreMessage: PreMessage; | ||
| declare const Poly1305: { | ||
| new (key?: Uint8Array, outlen?: number): { | ||
| buffer: Uint8Array; | ||
| r: Uint16Array; | ||
| h: Uint16Array; | ||
| pad: Uint16Array; | ||
| leftover: number; | ||
| fin: number; | ||
| blocks(m: Uint8Array, mpos: number, bytes: number): void; | ||
| final(mac?: Uint8Array): Uint8Array; | ||
| update(m: Uint8Array, mpos?: number, bytes?: number): void; | ||
| }; | ||
| readonly NAME: "Poly1305"; | ||
| readonly KEYBYTES: 32; | ||
| readonly OUTBYTES: 16; | ||
| readonly BLOCKLEN: 16; | ||
| digest(input: Uint8Array, key?: Uint8Array, outlen?: number): Uint8Array; | ||
| }; | ||
| declare const poly1305_Poly1305: typeof Poly1305; | ||
| declare namespace poly1305 { | ||
| export { | ||
| poly1305_Poly1305 as Poly1305, | ||
| }; | ||
| } | ||
| interface Hash { | ||
| readonly NAME: string; | ||
| readonly KEYBYTES: number; | ||
| readonly OUTBYTES: number; | ||
| readonly BLOCKLEN: number; | ||
| digest(input: Uint8Array, key?: Uint8Array, outlen?: number): Uint8Array; | ||
| new (key?: Uint8Array, outlen?: number): HashAlgorithm; | ||
| } | ||
| interface HashAlgorithm { | ||
| update(input: Uint8Array, offset?: number, length?: number): void; | ||
| final(output?: Uint8Array): Uint8Array; | ||
| } | ||
| type HMAC = { | ||
| (key: Uint8Array, data: Uint8Array): Uint8Array; | ||
| readonly NAME: string; | ||
| }; | ||
| declare function makeHMAC(hash: Hash): HMAC; | ||
| type HKDF = { | ||
| (chainingKey: Uint8Array, input: Uint8Array, numOutputs: 2): [Uint8Array, Uint8Array]; | ||
| (chainingKey: Uint8Array, input: Uint8Array, numOutputs: 3): [Uint8Array, Uint8Array, Uint8Array]; | ||
| }; | ||
| declare function makeHKDF(hmac: HMAC): HKDF; | ||
| type Rekey = (k: DataView) => DataView; | ||
| declare function makeRekey(aead: AEAD): Rekey; | ||
| type rekey_Rekey = Rekey; | ||
| declare const rekey_makeRekey: typeof makeRekey; | ||
| declare namespace rekey { | ||
| export { | ||
| rekey_Rekey as Rekey, | ||
| rekey_makeRekey as makeRekey, | ||
| }; | ||
| } | ||
| interface Algorithms { | ||
| dh: DH; | ||
| aead: AEAD; | ||
| hash: Hash; | ||
| hmac?: HMAC; | ||
| hkdf?: HKDF; | ||
| rekey?: Rekey; | ||
| } | ||
| declare function matchPattern(a: Algorithms, protocol_name: string): string | null; | ||
| type algorithms_Algorithms = Algorithms; | ||
| declare const algorithms_matchPattern: typeof matchPattern; | ||
| declare namespace algorithms { | ||
| export { | ||
| algorithms_Algorithms as Algorithms, | ||
| algorithms_matchPattern as matchPattern, | ||
| }; | ||
| } | ||
| declare class CipherState { | ||
| algorithms: NoiseProtocolAlgorithms; | ||
| algorithms: Algorithms; | ||
| view: DataView | null; | ||
| nonce: Nonce; | ||
| constructor(algorithms: NoiseProtocolAlgorithms, key?: Uint8Array); | ||
| constructor(algorithms: Algorithms, key?: Uint8Array); | ||
| encrypt(plaintext: Uint8Array, associated_data?: Uint8Array): Uint8Array; | ||
@@ -133,4 +206,51 @@ decrypt(ciphertext: Uint8Array, associated_data?: Uint8Array): Uint8Array; | ||
| } | ||
| type cipherstate_CipherState = CipherState; | ||
| declare const cipherstate_CipherState: typeof CipherState; | ||
| declare namespace cipherstate { | ||
| export { | ||
| cipherstate_CipherState as CipherState, | ||
| }; | ||
| } | ||
| type KeyTransferToken = 'e' | 's'; | ||
| type KeyMixToken = 'ee' | 'es' | 'se' | 'ss' | 'psk'; | ||
| type Token = KeyTransferToken | KeyMixToken; | ||
| type PreMessage = ['e'] | ['s'] | ['e', 's'] | []; | ||
| interface HandshakePattern { | ||
| name: string; | ||
| baseName: string; | ||
| messages: Token[][]; | ||
| initiatorPreMessage: PreMessage; | ||
| responderPreMessage: PreMessage; | ||
| } | ||
| declare const PATTERNS: { | ||
| [key: string]: HandshakePattern; | ||
| }; | ||
| declare function isOneWay(pat: HandshakePattern): boolean; | ||
| declare function lookupPattern(name: string): HandshakePattern | null; | ||
| type patterns_HandshakePattern = HandshakePattern; | ||
| type patterns_KeyMixToken = KeyMixToken; | ||
| type patterns_KeyTransferToken = KeyTransferToken; | ||
| declare const patterns_PATTERNS: typeof PATTERNS; | ||
| type patterns_PreMessage = PreMessage; | ||
| type patterns_Token = Token; | ||
| declare const patterns_isOneWay: typeof isOneWay; | ||
| declare const patterns_lookupPattern: typeof lookupPattern; | ||
| declare namespace patterns { | ||
| export { | ||
| patterns_HandshakePattern as HandshakePattern, | ||
| patterns_KeyMixToken as KeyMixToken, | ||
| patterns_KeyTransferToken as KeyTransferToken, | ||
| patterns_PATTERNS as PATTERNS, | ||
| patterns_PreMessage as PreMessage, | ||
| patterns_Token as Token, | ||
| patterns_isOneWay as isOneWay, | ||
| patterns_lookupPattern as lookupPattern, | ||
| }; | ||
| } | ||
| type Role = 'initiator' | 'responder'; | ||
| type NoiseProtocolOptions = { | ||
| type HandshakeOptions = { | ||
| prologue?: Uint8Array; | ||
@@ -143,6 +263,2 @@ staticKeypair?: DHKeyPair; | ||
| }; | ||
| type KeyTransferToken = 'e' | 's'; | ||
| type KeyMixToken = 'ee' | 'es' | 'se' | 'ss' | 'psk'; | ||
| type Token = KeyTransferToken | KeyMixToken; | ||
| type PreMessage = ['e'] | ['s'] | ['e', 's'] | []; | ||
| type TransportState = { | ||
@@ -152,4 +268,4 @@ send: CipherState; | ||
| }; | ||
| declare class NoiseHandshake { | ||
| algorithms: NoiseProtocolAlgorithms; | ||
| declare class Handshake { | ||
| algorithms: Algorithms; | ||
| pattern: HandshakePattern; | ||
@@ -166,3 +282,4 @@ role: Role; | ||
| handshakeHash: Uint8Array; | ||
| constructor(algorithms: NoiseProtocolAlgorithms, pattern: HandshakePattern, role: Role, options?: NoiseProtocolOptions); | ||
| hkdf: HKDF; | ||
| constructor(algorithms: Algorithms, pattern: HandshakePattern, role: Role, options?: HandshakeOptions); | ||
| get isInitiator(): boolean; | ||
@@ -188,119 +305,28 @@ mixHash(data: Uint8Array): void; | ||
| type noise_d_CipherState = CipherState; | ||
| declare const noise_d_CipherState: typeof CipherState; | ||
| type noise_d_DHKeyPair = DHKeyPair; | ||
| type noise_d_HMAC = HMAC; | ||
| type noise_d_HandshakePattern = HandshakePattern; | ||
| type noise_d_KeyMixToken = KeyMixToken; | ||
| type noise_d_KeyTransferToken = KeyTransferToken; | ||
| type noise_d_NoiseHandshake = NoiseHandshake; | ||
| declare const noise_d_NoiseHandshake: typeof NoiseHandshake; | ||
| type noise_d_NoiseProtocolAlgorithms = NoiseProtocolAlgorithms; | ||
| declare const noise_d_NoiseProtocolAlgorithms: typeof NoiseProtocolAlgorithms; | ||
| type noise_d_NoiseProtocolOptions = NoiseProtocolOptions; | ||
| type noise_d_Nonce = Nonce; | ||
| declare const noise_d_Nonce: typeof Nonce; | ||
| type noise_d_PreMessage = PreMessage; | ||
| type noise_d_Role = Role; | ||
| type noise_d_Token = Token; | ||
| type noise_d_TransportState = TransportState; | ||
| declare const noise_d_bytesAppend: typeof bytesAppend; | ||
| declare const noise_d_bytesXor: typeof bytesXor; | ||
| declare namespace noise_d { | ||
| type handshake_Handshake = Handshake; | ||
| declare const handshake_Handshake: typeof Handshake; | ||
| type handshake_HandshakeOptions = HandshakeOptions; | ||
| type handshake_Role = Role; | ||
| type handshake_TransportState = TransportState; | ||
| declare namespace handshake { | ||
| export { | ||
| noise_d_CipherState as CipherState, | ||
| noise_d_DHKeyPair as DHKeyPair, | ||
| noise_d_HMAC as HMAC, | ||
| noise_d_HandshakePattern as HandshakePattern, | ||
| noise_d_KeyMixToken as KeyMixToken, | ||
| noise_d_KeyTransferToken as KeyTransferToken, | ||
| noise_d_NoiseHandshake as NoiseHandshake, | ||
| noise_d_NoiseProtocolAlgorithms as NoiseProtocolAlgorithms, | ||
| noise_d_NoiseProtocolOptions as NoiseProtocolOptions, | ||
| noise_d_Nonce as Nonce, | ||
| noise_d_PreMessage as PreMessage, | ||
| noise_d_Role as Role, | ||
| noise_d_Token as Token, | ||
| noise_d_TransportState as TransportState, | ||
| noise_d_bytesAppend as bytesAppend, | ||
| noise_d_bytesXor as bytesXor, | ||
| handshake_Handshake as Handshake, | ||
| handshake_HandshakeOptions as HandshakeOptions, | ||
| handshake_Role as Role, | ||
| handshake_TransportState as TransportState, | ||
| }; | ||
| } | ||
| declare const PATTERNS: { | ||
| [key: string]: HandshakePattern; | ||
| }; | ||
| declare function isOneWay(pat: HandshakePattern): boolean; | ||
| declare function lookupPattern(name: string): HandshakePattern | null; | ||
| declare const Noise_25519_ChaChaPoly_BLAKE2s: Algorithms; | ||
| declare const patterns_d_PATTERNS: typeof PATTERNS; | ||
| declare const patterns_d_isOneWay: typeof isOneWay; | ||
| declare const patterns_d_lookupPattern: typeof lookupPattern; | ||
| declare namespace patterns_d { | ||
| declare const profiles_Noise_25519_ChaChaPoly_BLAKE2s: typeof Noise_25519_ChaChaPoly_BLAKE2s; | ||
| declare namespace profiles { | ||
| export { | ||
| patterns_d_PATTERNS as PATTERNS, | ||
| patterns_d_isOneWay as isOneWay, | ||
| patterns_d_lookupPattern as lookupPattern, | ||
| profiles_Noise_25519_ChaChaPoly_BLAKE2s as Noise_25519_ChaChaPoly_BLAKE2s, | ||
| }; | ||
| } | ||
| declare class Poly1305 { | ||
| key: Uint8Array; | ||
| static readonly KEYBYTES = 32; | ||
| static readonly TAGBYTES = 16; | ||
| static readonly BLOCKBYTES = 16; | ||
| buffer: Uint8Array; | ||
| r: Uint16Array; | ||
| h: Uint16Array; | ||
| pad: Uint16Array; | ||
| leftover: number; | ||
| fin: number; | ||
| static digest(key: Uint8Array, input: Uint8Array): Uint8Array; | ||
| constructor(key: Uint8Array); | ||
| blocks(m: Uint8Array, mpos: number, bytes: number): void; | ||
| finish(mac: Uint8Array, macpos: number): void; | ||
| update(m: Uint8Array, mpos: number, bytes: number): void; | ||
| } | ||
| type poly1305_d_Poly1305 = Poly1305; | ||
| declare const poly1305_d_Poly1305: typeof Poly1305; | ||
| declare namespace poly1305_d { | ||
| export { | ||
| poly1305_d_Poly1305 as Poly1305, | ||
| }; | ||
| } | ||
| declare class Noise_25519_ChaChaPoly_BLAKE2s extends NoiseProtocolAlgorithms { | ||
| constructor(); | ||
| dhName(): string; | ||
| generateKeypair(): DHKeyPair; | ||
| dh(kp: DHKeyPair, pk: Uint8Array): Uint8Array; | ||
| cipherName(): string; | ||
| encrypt(key: DataView, nonce: Nonce, p: Uint8Array, associated_data?: Uint8Array): Uint8Array; | ||
| decrypt(key: DataView, nonce: Nonce, c: Uint8Array, associated_data?: Uint8Array): Uint8Array; | ||
| hashName(): string; | ||
| hash(data: Uint8Array): Uint8Array; | ||
| hashBlocklen(): number; | ||
| } | ||
| type profiles_d_Noise_25519_ChaChaPoly_BLAKE2s = Noise_25519_ChaChaPoly_BLAKE2s; | ||
| declare const profiles_d_Noise_25519_ChaChaPoly_BLAKE2s: typeof Noise_25519_ChaChaPoly_BLAKE2s; | ||
| declare namespace profiles_d { | ||
| export { | ||
| profiles_d_Noise_25519_ChaChaPoly_BLAKE2s as Noise_25519_ChaChaPoly_BLAKE2s, | ||
| }; | ||
| } | ||
| declare const _randomBytes: (out: Uint8Array, n: number) => void; | ||
| declare function randomBytes(n: number): Uint8Array; | ||
| declare const random_d__randomBytes: typeof _randomBytes; | ||
| declare const random_d_randomBytes: typeof randomBytes; | ||
| declare namespace random_d { | ||
| export { | ||
| random_d__randomBytes as _randomBytes, | ||
| random_d_randomBytes as randomBytes, | ||
| }; | ||
| } | ||
| declare const crypto_scalarmult_BYTES = 32; | ||
@@ -317,19 +343,43 @@ declare const crypto_scalarmult_SCALARBYTES = 32; | ||
| declare const x25519_d_crypto_scalarmult: typeof crypto_scalarmult; | ||
| declare const x25519_d_crypto_scalarmult_BYTES: typeof crypto_scalarmult_BYTES; | ||
| declare const x25519_d_crypto_scalarmult_SCALARBYTES: typeof crypto_scalarmult_SCALARBYTES; | ||
| declare const x25519_d_crypto_scalarmult_base: typeof crypto_scalarmult_base; | ||
| declare const x25519_d_scalarMult: typeof scalarMult; | ||
| declare const x25519_d_scalarMultBase: typeof scalarMultBase; | ||
| declare namespace x25519_d { | ||
| declare const x25519_crypto_scalarmult: typeof crypto_scalarmult; | ||
| declare const x25519_crypto_scalarmult_BYTES: typeof crypto_scalarmult_BYTES; | ||
| declare const x25519_crypto_scalarmult_SCALARBYTES: typeof crypto_scalarmult_SCALARBYTES; | ||
| declare const x25519_crypto_scalarmult_base: typeof crypto_scalarmult_base; | ||
| declare const x25519_scalarMult: typeof scalarMult; | ||
| declare const x25519_scalarMultBase: typeof scalarMultBase; | ||
| declare namespace x25519 { | ||
| export { | ||
| x25519_d_crypto_scalarmult as crypto_scalarmult, | ||
| x25519_d_crypto_scalarmult_BYTES as crypto_scalarmult_BYTES, | ||
| x25519_d_crypto_scalarmult_SCALARBYTES as crypto_scalarmult_SCALARBYTES, | ||
| x25519_d_crypto_scalarmult_base as crypto_scalarmult_base, | ||
| x25519_d_scalarMult as scalarMult, | ||
| x25519_d_scalarMultBase as scalarMultBase, | ||
| x25519_crypto_scalarmult as crypto_scalarmult, | ||
| x25519_crypto_scalarmult_BYTES as crypto_scalarmult_BYTES, | ||
| x25519_crypto_scalarmult_SCALARBYTES as crypto_scalarmult_SCALARBYTES, | ||
| x25519_crypto_scalarmult_base as crypto_scalarmult_base, | ||
| x25519_scalarMult as scalarMult, | ||
| x25519_scalarMultBase as scalarMultBase, | ||
| }; | ||
| } | ||
| export { aead_d as AEAD, blake2_d as BLAKE2, chacha20_d as ChaCha20, noise_d as Noise, profiles_d as NoiseProfiles, patterns_d as Patterns, poly1305_d as Poly1305, random_d as Random, x25519_d as X25519 }; | ||
| declare const INTERNALS: { | ||
| aead: { | ||
| chacha20poly1305: typeof chacha20poly1305; | ||
| }; | ||
| cipher: { | ||
| chacha20: typeof chacha20; | ||
| }; | ||
| dh: { | ||
| x25519: typeof x25519; | ||
| }; | ||
| hash: { | ||
| blake2s: typeof blake2s; | ||
| poly1305: typeof poly1305; | ||
| }; | ||
| noise: { | ||
| algorithms: typeof algorithms; | ||
| cipherstate: typeof cipherstate; | ||
| handshake: typeof handshake; | ||
| patterns: typeof patterns; | ||
| profiles: typeof profiles; | ||
| rekey: typeof rekey; | ||
| }; | ||
| }; | ||
| export { AEAD, Algorithms, AuthenticationFailure, BLAKE2s, bytes_d as Bytes, ChaCha20, ChaCha20Poly1305_RFC8439, CipherState, DH, DHKeyPair, HKDF, HMAC, Handshake, HandshakeOptions, HandshakePattern, Hash, HashAlgorithm, INTERNALS, KeyMixToken, KeyTransferToken, Noise_25519_ChaChaPoly_BLAKE2s, Nonce, PATTERNS, Poly1305, PreMessage, Rekey, Role, StreamCipher, Token, TransportState, X25519, _decrypt, _encrypt, _randomBytes, isOneWay, lookupPattern, makeHKDF, makeHMAC, matchPattern, randomBytes }; |
@@ -1,1 +0,1 @@ | ||
| !function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports):"function"==typeof define&&define.amd?define(["exports"],e):e((t="undefined"!=typeof globalThis?globalThis:t||self).SaltyCrypto={})}(this,(function(t){"use strict";function e(t,e){return t<<e|t>>>32-e}function s(t,s,i,h,r){t[s]+=t[i],t[r]^=t[s],t[r]=e(t[r],16),t[h]+=t[r],t[i]^=t[h],t[i]=e(t[i],12),t[s]+=t[i],t[r]^=t[s],t[r]=e(t[r],8),t[h]+=t[r],t[i]^=t[h],t[i]=e(t[i],7)}function i(t,e,s,i){t[0]+=1634760805,t[1]+=857760878,t[2]+=2036477234,t[3]+=1797285236,t[4]+=e.getUint32(0,!0),t[5]+=e.getUint32(4,!0),t[6]+=e.getUint32(8,!0),t[7]+=e.getUint32(12,!0),t[8]+=e.getUint32(16,!0),t[9]+=e.getUint32(20,!0),t[10]+=e.getUint32(24,!0),t[11]+=e.getUint32(28,!0),t[12]+=s,t[13]+=i.getUint32(0,!0),t[14]+=i.getUint32(4,!0),t[15]+=i.getUint32(8,!0)}function h(t,e,h){const r=new Uint32Array(16);i(r,t,e,h);for(let t=0;t<20;t+=2)s(r,0,4,8,12),s(r,1,5,9,13),s(r,2,6,10,14),s(r,3,7,11,15),s(r,0,5,10,15),s(r,1,6,11,12),s(r,2,7,8,13),s(r,3,4,9,14);return i(r,t,e,h),r}function r(t,e,s,i,r=0,n=s.byteLength){const a=n>>6,o=63&n;for(let n=0;n<a;n++){const a=h(t,r+n,e);for(let t=0;t<64;t++)i[(n<<6)+t]=s[(n<<6)+t]^a[t>>2]>>((3&t)<<3)}if(0!==o){const n=h(t,r+a,e);for(let t=0;t<o;t++)i[(a<<6)+t]=s[(a<<6)+t]^n[t>>2]>>((3&t)<<3)}}var n=Object.freeze({__proto__:null,CHACHA20_BLOCKBYTES:64,CHACHA20_KEYBYTES:32,CHACHA20_NONCEBYTES:12,chacha20:r,chacha20_block:h,chacha20_quarter_round:s});class a{static digest(t,e){const s=new a(t);s.update(e,0,e.byteLength);const i=new Uint8Array(a.TAGBYTES);return s.finish(i,0),i}constructor(t){this.key=t,this.buffer=new Uint8Array(16),this.r=new Uint16Array(10),this.h=new Uint16Array(10),this.pad=new Uint16Array(8),this.leftover=0,this.fin=0;const e=255&t[0]|(255&t[1])<<8;this.r[0]=8191&e;const s=255&t[2]|(255&t[3])<<8;this.r[1]=8191&(e>>>13|s<<3);const i=255&t[4]|(255&t[5])<<8;this.r[2]=7939&(s>>>10|i<<6);const h=255&t[6]|(255&t[7])<<8;this.r[3]=8191&(i>>>7|h<<9);const r=255&t[8]|(255&t[9])<<8;this.r[4]=255&(h>>>4|r<<12),this.r[5]=r>>>1&8190;const n=255&t[10]|(255&t[11])<<8;this.r[6]=8191&(r>>>14|n<<2);const a=255&t[12]|(255&t[13])<<8;this.r[7]=8065&(n>>>11|a<<5);const o=255&t[14]|(255&t[15])<<8;this.r[8]=8191&(a>>>8|o<<8),this.r[9]=o>>>5&127,this.pad[0]=255&t[16]|(255&t[17])<<8,this.pad[1]=255&t[18]|(255&t[19])<<8,this.pad[2]=255&t[20]|(255&t[21])<<8,this.pad[3]=255&t[22]|(255&t[23])<<8,this.pad[4]=255&t[24]|(255&t[25])<<8,this.pad[5]=255&t[26]|(255&t[27])<<8,this.pad[6]=255&t[28]|(255&t[29])<<8,this.pad[7]=255&t[30]|(255&t[31])<<8}blocks(t,e,s){const i=this.fin?0:2048;let h=this.h[0],r=this.h[1],n=this.h[2],a=this.h[3],o=this.h[4],c=this.h[5],l=this.h[6],u=this.h[7],f=this.h[8],y=this.h[9],p=this.r[0],d=this.r[1],m=this.r[2],g=this.r[3],b=this.r[4],K=this.r[5],w=this.r[6],A=this.r[7],_=this.r[8],E=this.r[9];for(;s>=16;){const U=255&t[e+0]|(255&t[e+1])<<8;h+=8191&U;const v=255&t[e+2]|(255&t[e+3])<<8;r+=8191&(U>>>13|v<<3);const M=255&t[e+4]|(255&t[e+5])<<8;n+=8191&(v>>>10|M<<6);const S=255&t[e+6]|(255&t[e+7])<<8;a+=8191&(M>>>7|S<<9);const N=255&t[e+8]|(255&t[e+9])<<8;o+=8191&(S>>>4|N<<12),c+=N>>>1&8191;const L=255&t[e+10]|(255&t[e+11])<<8;l+=8191&(N>>>14|L<<2);const k=255&t[e+12]|(255&t[e+13])<<8;u+=8191&(L>>>11|k<<5);const x=255&t[e+14]|(255&t[e+15])<<8;f+=8191&(k>>>8|x<<8),y+=x>>>5|i;let H=0,P=H;P+=h*p,P+=r*(5*E),P+=n*(5*_),P+=a*(5*A),P+=o*(5*w),H=P>>>13,P&=8191,P+=c*(5*K),P+=l*(5*b),P+=u*(5*g),P+=f*(5*m),P+=y*(5*d),H+=P>>>13,P&=8191;let B=H;B+=h*d,B+=r*p,B+=n*(5*E),B+=a*(5*_),B+=o*(5*A),H=B>>>13,B&=8191,B+=c*(5*w),B+=l*(5*K),B+=u*(5*b),B+=f*(5*g),B+=y*(5*m),H+=B>>>13,B&=8191;let X=H;X+=h*m,X+=r*d,X+=n*p,X+=a*(5*E),X+=o*(5*_),H=X>>>13,X&=8191,X+=c*(5*A),X+=l*(5*w),X+=u*(5*K),X+=f*(5*b),X+=y*(5*g),H+=X>>>13,X&=8191;let C=H;C+=h*g,C+=r*m,C+=n*d,C+=a*p,C+=o*(5*E),H=C>>>13,C&=8191,C+=c*(5*_),C+=l*(5*A),C+=u*(5*w),C+=f*(5*K),C+=y*(5*b),H+=C>>>13,C&=8191;let T=H;T+=h*b,T+=r*g,T+=n*m,T+=a*d,T+=o*p,H=T>>>13,T&=8191,T+=c*(5*E),T+=l*(5*_),T+=u*(5*A),T+=f*(5*w),T+=y*(5*K),H+=T>>>13,T&=8191;let O=H;O+=h*K,O+=r*b,O+=n*g,O+=a*m,O+=o*d,H=O>>>13,O&=8191,O+=c*p,O+=l*(5*E),O+=u*(5*_),O+=f*(5*A),O+=y*(5*w),H+=O>>>13,O&=8191;let I=H;I+=h*w,I+=r*K,I+=n*b,I+=a*g,I+=o*m,H=I>>>13,I&=8191,I+=c*d,I+=l*p,I+=u*(5*E),I+=f*(5*_),I+=y*(5*A),H+=I>>>13,I&=8191;let Y=H;Y+=h*A,Y+=r*w,Y+=n*K,Y+=a*b,Y+=o*g,H=Y>>>13,Y&=8191,Y+=c*m,Y+=l*d,Y+=u*p,Y+=f*(5*E),Y+=y*(5*_),H+=Y>>>13,Y&=8191;let z=H;z+=h*_,z+=r*A,z+=n*w,z+=a*K,z+=o*b,H=z>>>13,z&=8191,z+=c*g,z+=l*m,z+=u*d,z+=f*p,z+=y*(5*E),H+=z>>>13,z&=8191;let j=H;j+=h*E,j+=r*_,j+=n*A,j+=a*w,j+=o*K,H=j>>>13,j&=8191,j+=c*b,j+=l*g,j+=u*m,j+=f*d,j+=y*p,H+=j>>>13,j&=8191,H=(H<<2)+H|0,H=H+P|0,P=8191&H,H>>>=13,B+=H,h=P,r=B,n=X,a=C,o=T,c=O,l=I,u=Y,f=z,y=j,e+=16,s-=16}this.h[0]=h,this.h[1]=r,this.h[2]=n,this.h[3]=a,this.h[4]=o,this.h[5]=c,this.h[6]=l,this.h[7]=u,this.h[8]=f,this.h[9]=y}finish(t,e){if(this.leftover){let t=this.leftover;for(this.buffer[t++]=1;t<16;t++)this.buffer[t]=0;this.fin=1,this.blocks(this.buffer,0,16)}let s=this.h[1]>>>13;this.h[1]&=8191;for(let t=2;t<10;t++)this.h[t]+=s,s=this.h[t]>>>13,this.h[t]&=8191;this.h[0]+=5*s,s=this.h[0]>>>13,this.h[0]&=8191,this.h[1]+=s,s=this.h[1]>>>13,this.h[1]&=8191,this.h[2]+=s;const i=new Uint16Array(10);i[0]=this.h[0]+5,s=i[0]>>>13,i[0]&=8191;for(let t=1;t<10;t++)i[t]=this.h[t]+s,s=i[t]>>>13,i[t]&=8191;i[9]-=8192;let h=(1^s)-1;for(let t=0;t<10;t++)i[t]&=h;h=~h;for(let t=0;t<10;t++)this.h[t]=this.h[t]&h|i[t];this.h[0]=65535&(this.h[0]|this.h[1]<<13),this.h[1]=65535&(this.h[1]>>>3|this.h[2]<<10),this.h[2]=65535&(this.h[2]>>>6|this.h[3]<<7),this.h[3]=65535&(this.h[3]>>>9|this.h[4]<<4),this.h[4]=65535&(this.h[4]>>>12|this.h[5]<<1|this.h[6]<<14),this.h[5]=65535&(this.h[6]>>>2|this.h[7]<<11),this.h[6]=65535&(this.h[7]>>>5|this.h[8]<<8),this.h[7]=65535&(this.h[8]>>>8|this.h[9]<<5);let r=this.h[0]+this.pad[0];this.h[0]=65535&r;for(let t=1;t<8;t++)r=(this.h[t]+this.pad[t]|0)+(r>>>16)|0,this.h[t]=65535&r;t[e+0]=this.h[0]>>>0&255,t[e+1]=this.h[0]>>>8&255,t[e+2]=this.h[1]>>>0&255,t[e+3]=this.h[1]>>>8&255,t[e+4]=this.h[2]>>>0&255,t[e+5]=this.h[2]>>>8&255,t[e+6]=this.h[3]>>>0&255,t[e+7]=this.h[3]>>>8&255,t[e+8]=this.h[4]>>>0&255,t[e+9]=this.h[4]>>>8&255,t[e+10]=this.h[5]>>>0&255,t[e+11]=this.h[5]>>>8&255,t[e+12]=this.h[6]>>>0&255,t[e+13]=this.h[6]>>>8&255,t[e+14]=this.h[7]>>>0&255,t[e+15]=this.h[7]>>>8&255}update(t,e,s){if(this.leftover){let i=16-this.leftover;i>s&&(i=s);for(let s=0;s<i;s++)this.buffer[this.leftover+s]=t[e+s];if(s-=i,e+=i,this.leftover+=i,this.leftover<16)return;this.blocks(this.buffer,0,16),this.leftover=0}if(s>=16){const i=s-s%16;this.blocks(t,e,i),e+=i,s-=i}if(s){for(let i=0;i<s;i++)this.buffer[this.leftover+i]=t[e+i];this.leftover+=s}}}a.KEYBYTES=32,a.TAGBYTES=16,a.BLOCKBYTES=16;var o=Object.freeze({__proto__:null,Poly1305:a});const c=new Uint8Array(16);function l(t,e){const s=15&e;0!==s&&t.update(c,0,16-s)}function u(t,e,s,i,h,n){const o=new Uint8Array(a.KEYBYTES);r(e,s,o,o,0);const c=new a(o);void 0!==n&&(c.update(n,0,n.byteLength),l(c,n.byteLength)),c.update(i,0,h),l(c,h);const u=new Uint8Array(16),f=new DataView(u.buffer);void 0!==n&&f.setUint32(0,n.byteLength,!0),f.setUint32(8,h,!0),c.update(u,0,u.byteLength),c.finish(t,0)}function f(t,e,s,i,h,n,a){r(h,n,t,e,1,s),u(i,h,n,e,s,a)}function y(t,e,s,i){const h=new Uint8Array(t.byteLength+16);return f(t,h,t.byteLength,h.subarray(t.byteLength),e,s,i),h}function p(t,e,s,i,h,n,a){const o=new Uint8Array(16);u(o,h,n,e,s,a);const c=0===function(t,e,s){let i=0;for(let h=0;h<s;h++)i|=t[h]^e[h];return(1&i-1>>>8)-1}(o,i,o.byteLength);return c&&r(h,n,e,t,1,s),c}class d extends Error{}function m(t,e,s,i){const h=new Uint8Array(t.byteLength-16);if(!p(h,t,h.byteLength,t.subarray(h.byteLength),e,s,i))throw new d("ChaCha20Poly1305 AEAD authentication failed");return h}var g=Object.freeze({__proto__:null,AEAD_CHACHA20_POLY1305_KEYBYTES:32,AEAD_CHACHA20_POLY1305_NONCEBYTES:12,AEAD_CHACHA20_POLY1305_TAGBYTES:16,AuthenticationFailure:d,aead_decrypt:m,aead_decrypt_detached:p,aead_encrypt:y,aead_encrypt_detached:f});function b(t,e){return t>>>e|t<<32-e}function K(t,e,s,i,h,r,n){t[e]=t[e]+t[s]+r,t[h]=b(t[h]^t[e],16),t[i]=t[i]+t[h],t[s]=b(t[s]^t[i],12),t[e]=t[e]+t[s]+n,t[h]=b(t[h]^t[e],8),t[i]=t[i]+t[h],t[s]=b(t[s]^t[i],7)}const w=Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]),A=Uint8Array.from([0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,14,10,4,8,9,15,13,6,1,12,0,2,11,7,5,3,11,8,12,0,5,2,15,13,10,14,3,6,7,1,9,4,7,9,3,1,13,12,11,14,2,6,5,10,4,0,15,8,9,0,5,7,2,4,10,15,14,1,11,12,6,8,3,13,2,12,6,10,0,11,8,3,4,13,7,5,15,14,1,9,12,5,1,15,14,13,4,10,0,7,6,3,9,2,8,11,13,11,7,14,12,1,3,9,5,0,15,4,8,6,2,10,6,15,14,9,11,3,0,8,12,2,13,7,1,4,10,5,10,2,8,4,7,6,1,5,15,11,9,14,3,12,13,0]);function _(t,e){return A[(t<<4)+e]}class E{static digest(t,e,s){const i=new E(e,s);return i.update(t),i.final()}constructor(t=E.OUTBYTES,e){var s;this.outlen=t,this.b=new Uint8Array(64),this.bv=new DataView(this.b.buffer),this.h=Uint32Array.from(w),this.t=new Uint32Array(2),this.c=0;const i=null!==(s=null==e?void 0:e.byteLength)&&void 0!==s?s:0;if(0==t||t>32||i>32)throw new Error("illegal BLAKE2s parameter length(s)");this.h[0]^=16842752^i<<8^t,void 0!==e&&i>0&&(this.update(e),this.c=64)}update(t){for(let e=0;e<t.byteLength;e++)64==this.c&&(this.t[0]+=this.c,this.t[0]<this.c&&this.t[1]++,this.compress(!1),this.c=0),this.b[this.c++]=t[e]}final(t){for(this.t[0]+=this.c,this.t[0]<this.c&&this.t[1]++;this.c<64;)this.b[this.c++]=0;this.compress(!0),void 0===t&&(t=new Uint8Array(this.outlen));for(let e=0;e<this.outlen;e++)t[e]=this.h[e>>2]>>8*(3&e)&255;return t}compress(t){const e=new Uint32Array(16),s=new Uint32Array(16);for(let t=0;t<8;t++)e[t]=this.h[t],e[t+8]=w[t];e[12]^=this.t[0],e[13]^=this.t[1],t&&(e[14]=~e[14]);for(let t=0;t<16;t++)s[t]=this.bv.getUint32(t<<2,!0);for(let t=0;t<10;t++)K(e,0,4,8,12,s[_(t,0)],s[_(t,1)]),K(e,1,5,9,13,s[_(t,2)],s[_(t,3)]),K(e,2,6,10,14,s[_(t,4)],s[_(t,5)]),K(e,3,7,11,15,s[_(t,6)],s[_(t,7)]),K(e,0,5,10,15,s[_(t,8)],s[_(t,9)]),K(e,1,6,11,12,s[_(t,10)],s[_(t,11)]),K(e,2,7,8,13,s[_(t,12)],s[_(t,13)]),K(e,3,4,9,14,s[_(t,14)],s[_(t,15)]);for(let t=0;t<8;t++)this.h[t]^=e[t]^e[t+8]}}E.KEYBYTES=32,E.OUTBYTES=32,E.BLOCKLEN=64;var U=Object.freeze({__proto__:null,BLAKE2s:E});class v{constructor(t=0,e=0){this.lo=t,this.hi=e}increment(){const t=this.lo,e=t+1|0;this.lo=e,e<t&&(this.hi=this.hi+1|0)}reset(t=0,e=0){this.lo=t,this.hi=e}static get MAX(){return new v(4294967295,4294967295)}}function M(t,e){const s=Math.min(t.byteLength,e.byteLength),i=new Uint8Array(s);for(let h=0;h<s;h++)i[h]=t[h]^e[h];return i}function S(t,e){const s=new Uint8Array(t.byteLength+e.byteLength);return s.set(t,0),s.set(e,t.byteLength),s}const N=new Uint8Array(0);class L{constructor(t){const e=this.generateKeypair();this.dhlen=this.dh(e,e.public).byteLength,this.hmac=null!=t?t:function(t){const e=new Uint8Array(t.hashBlocklen());e.fill(54);const s=new Uint8Array(t.hashBlocklen());return s.fill(92),(i,h)=>{const r=t._padOrHash(i,t.hashBlocklen());return t.hash(S(M(r,s),t.hash(S(M(r,e),h))))}}(this)}rekey(t){return new DataView(this.encrypt(t,v.MAX,new Uint8Array(32)).buffer)}_padOrHash(t,e){const s=t.byteLength>e?this.hash(t):t;return S(s,new Uint8Array(e-s.byteLength))}hkdf(t,e,s){const i=this.hmac(t,e),h=this.hmac(i,Uint8Array.from([1])),r=this.hmac(i,S(h,Uint8Array.from([2])));switch(s){case 2:return[h,r];case 3:return[h,r,this.hmac(i,S(r,Uint8Array.from([3])))]}}matchingPattern(t){const e=new RegExp(`^Noise_([A-Za-z0-9+]+)_${this.dhName()}_${this.cipherName()}_${this.hashName()}$`).exec(t);return null===e?null:e[1]}}class k{constructor(t,e){this.algorithms=t,this.view=null,this.nonce=new v,void 0!==e&&(this.view=new DataView(e.buffer))}encrypt(t,e){if(null===this.view)return t;const s=this.algorithms.encrypt(this.view,this.nonce,t,e);return this.nonce.increment(),s}decrypt(t,e){if(null===this.view)return t;const s=this.algorithms.decrypt(this.view,this.nonce,t,e);return this.nonce.increment(),s}rekey(){null!==this.view&&(this.view=this.algorithms.rekey(this.view))}}var x=Object.freeze({__proto__:null,CipherState:k,NoiseHandshake:class{constructor(t,e,s,i={}){var h,r,n,a,o;this.algorithms=t,this.pattern=e,this.role=s,this.stepIndex=0,this.staticKeypair=null!==(h=i.staticKeypair)&&void 0!==h?h:this.algorithms.generateKeypair(),this.remoteStaticPublicKey=null!==(r=i.remoteStaticPublicKey)&&void 0!==r?r:null,this.ephemeralKeypair=null!==(n=i.pregeneratedEphemeralKeypair)&&void 0!==n?n:this.algorithms.generateKeypair(),this.remoteEphemeralPublicKey=null!==(a=i.remotePregeneratedEphemeralPublicKey)&&void 0!==a?a:null,this.preSharedKeys=i.preSharedKeys,this.preSharedKeys&&(this.preSharedKeys=this.preSharedKeys.slice(),0===this.preSharedKeys.length&&(this.preSharedKeys=void 0));const c=(new TextEncoder).encode("Noise_"+this.pattern.name+"_"+this.algorithms.dhName()+"_"+this.algorithms.cipherName()+"_"+this.algorithms.hashName());this.cipherState=new k(this.algorithms),this.chainingKey=this.algorithms._padOrHash(c,this.algorithms.hash(N).byteLength),this.handshakeHash=this.chainingKey,this.mixHash(null!==(o=i.prologue)&&void 0!==o?o:N),this.pattern.initiatorPreMessage.forEach((t=>this.mixHash("e"===t?this.isInitiator?this.ephemeralKeypair.public:this.remoteEphemeralPublicKey:this.isInitiator?this.staticKeypair.public:this.remoteStaticPublicKey))),this.pattern.responderPreMessage.forEach((t=>this.mixHash("e"===t?this.isInitiator?this.remoteEphemeralPublicKey:this.ephemeralKeypair.public:this.isInitiator?this.remoteStaticPublicKey:this.staticKeypair.public)))}get isInitiator(){return"initiator"===this.role}mixHash(t){this.handshakeHash=this.algorithms.hash(S(this.handshakeHash,t))}mixKey(t){const[e,s]=this.algorithms.hkdf(this.chainingKey,t,2);this.chainingKey=e,this.cipherState=new k(this.algorithms,s)}mixKeyAndHashNextPSK(){const t=this.preSharedKeys.shift(),[e,s,i]=this.algorithms.hkdf(this.chainingKey,t,3);this.chainingKey=e,this.mixHash(s),this.cipherState=new k(this.algorithms,i)}encryptAndHash(t){const e=this.cipherState.encrypt(t,this.handshakeHash);return this.mixHash(e),e}decryptAndHash(t){const e=this.cipherState.decrypt(t,this.handshakeHash);return this.mixHash(t),e}_split(){if(this.stepIndex<this.pattern.messages.length)return null;{let[t,e]=this.algorithms.hkdf(this.chainingKey,N,2).map((t=>new k(this.algorithms,t)));return this.isInitiator?{send:t,recv:e}:{send:e,recv:t}}}_nextStep(){if(this.stepIndex>=this.pattern.messages.length)throw new Error("Handshake already complete, cannot continue");return this.pattern.messages[this.stepIndex++]}_processKeyMixToken(t){switch(t){case"ee":this.mixKey(this.algorithms.dh(this.ephemeralKeypair,this.remoteEphemeralPublicKey));break;case"es":this.mixKey(this.isInitiator?this.algorithms.dh(this.ephemeralKeypair,this.remoteStaticPublicKey):this.algorithms.dh(this.staticKeypair,this.remoteEphemeralPublicKey));break;case"se":this.mixKey(this.isInitiator?this.algorithms.dh(this.staticKeypair,this.remoteEphemeralPublicKey):this.algorithms.dh(this.ephemeralKeypair,this.remoteStaticPublicKey));break;case"ss":this.mixKey(this.algorithms.dh(this.staticKeypair,this.remoteStaticPublicKey));break;case"psk":this.mixKeyAndHashNextPSK()}}writeMessage(t){const e=[];let s;if(this._nextStep().forEach((t=>{switch(t){case"e":e.push(this.ephemeralKeypair.public),this.mixHash(this.ephemeralKeypair.public),this.preSharedKeys&&this.mixKey(this.ephemeralKeypair.public);break;case"s":e.push(this.encryptAndHash(this.staticKeypair.public));break;default:this._processKeyMixToken(t)}})),e.push(this.encryptAndHash(t)),1===e.length)s=e[0];else{s=new Uint8Array(e.reduce(((t,e)=>t+e.byteLength),0));let t=0;e.forEach((e=>{s.set(e,t),t+=e.byteLength}))}return{packet:s,finished:this._split()}}readMessage(t){const e=e=>{const s=t.slice(0,e);return t=t.subarray(e),s};this._nextStep().forEach((t=>{switch(t){case"e":this.remoteEphemeralPublicKey=e(this.algorithms.dhlen),this.mixHash(this.remoteEphemeralPublicKey),this.preSharedKeys&&this.mixKey(this.remoteEphemeralPublicKey);break;case"s":this.remoteStaticPublicKey=this.decryptAndHash(e(this.algorithms.dhlen+(this.cipherState.view?16:0)));break;default:this._processKeyMixToken(t)}}));return{message:this.decryptAndHash(t),finished:this._split()}}async completeHandshake(t,e,s=(async t=>{}),i=(async()=>new Uint8Array(0))){const h=async()=>{const{packet:e,finished:s}=this.writeMessage(await i());return await t(e),s||r()},r=async()=>{const{message:t,finished:i}=this.readMessage(await e());return await s(t),i||h()};return this.isInitiator?h():r()}},NoiseProtocolAlgorithms:L,Nonce:v,bytesAppend:S,bytesXor:M});const H={};function P(t,e,s,i){const h={name:t,baseName:t,messages:e,initiatorPreMessage:s,responderPreMessage:i};H[h.name]=h}P("I1K1",[["e","s"],["e","ee","es"],["se"]],[],["s"]),P("I1K",[["e","es","s"],["e","ee"],["se"]],[],["s"]),P("I1N",[["e","s"],["e","ee"],["se"]],[],[]),P("I1X1",[["e","s"],["e","ee","s"],["se","es"]],[],[]),P("I1X",[["e","s"],["e","ee","s","es"],["se"]],[],[]),P("IK1",[["e","s"],["e","ee","se","es"]],[],["s"]),P("IK",[["e","es","s","ss"],["e","ee","se"]],[],["s"]),P("IN",[["e","s"],["e","ee","se"]],[],[]),P("IX1",[["e","s"],["e","ee","se","s"],["es"]],[],[]),P("IX",[["e","s"],["e","ee","se","s","es"]],[],[]),P("K1K1",[["e"],["e","ee","es"],["se"]],["s"],["s"]),P("K1K",[["e","es"],["e","ee"],["se"]],["s"],["s"]),P("K1N",[["e"],["e","ee"],["se"]],["s"],[]),P("K1X1",[["e"],["e","ee","s"],["se","es"]],["s"],[]),P("K1X",[["e"],["e","ee","s","es"],["se"]],["s"],[]),P("K",[["e","es","ss"]],["s"],["s"]),P("KK1",[["e"],["e","ee","se","es"]],["s"],["s"]),P("KK",[["e","es","ss"],["e","ee","se"]],["s"],["s"]),P("KN",[["e"],["e","ee","se"]],["s"],[]),P("KX1",[["e"],["e","ee","se","s"],["es"]],["s"],[]),P("KX",[["e"],["e","ee","se","s","es"]],["s"],[]),P("N",[["e","es"]],[],["s"]),P("NK1",[["e"],["e","ee","es"]],[],["s"]),P("NK",[["e","es"],["e","ee"]],[],["s"]),P("NN",[["e"],["e","ee"]],[],[]),P("NX1",[["e"],["e","ee","s"],["es"]],[],[]),P("NX",[["e"],["e","ee","s","es"]],[],[]),P("X1K1",[["e"],["e","ee","es"],["s"],["se"]],[],["s"]),P("X1K",[["e","es"],["e","ee"],["s"],["se"]],[],["s"]),P("X1N",[["e"],["e","ee"],["s"],["se"]],[],[]),P("X1X1",[["e"],["e","ee","s"],["es","s"],["se"]],[],[]),P("X1X",[["e"],["e","ee","s","es"],["s"],["se"]],[],[]),P("X",[["e","es","s","ss"]],[],["s"]),P("XK1",[["e"],["e","ee","es"],["s","se"]],[],["s"]),P("XK",[["e","es"],["e","ee"],["s","se"]],[],["s"]),P("XN",[["e"],["e","ee"],["s","se"]],[],[]),P("XX1",[["e"],["e","ee","s"],["es","s","se"]],[],[]),P("XX",[["e"],["e","ee","s","es"],["s","se"]],[],[]);const B=/^([NKX]|[NKXI]1?[NKX]1?)([a-z][a-z0-9]*(\+[a-z][a-z0-9]*)*)?$/,X=/^psk([0-9]+)$/;var C=Object.freeze({__proto__:null,PATTERNS:H,isOneWay:function(t){return 1===t.baseName.length},lookupPattern:function(t){var e,s,i;const h=B.exec(t);if(null===h)return null;const r=null!==(s=null===(e=h[2])||void 0===e?void 0:e.split("+"))&&void 0!==s?s:[];let n=null!==(i=H[h[1]])&&void 0!==i?i:null;return n?(r.forEach((t=>n=n&&function(t,e){const s=X.exec(e);if(null===s)return null;const i=parseInt(s[1],10),h=t.messages;return Object.assign(Object.assign({},t),{messages:0===i?[["psk",...h[0]],...h.slice(1)]:[...h.slice(0,i-1),[...h[i-1],"psk"],...h.slice(i)]})}(n,t))),n&&Object.assign(Object.assign({},n),{name:t})):null}});const T=(()=>{var t="undefined"!=typeof self?self.crypto||self.msCrypto:null;if(t&&t.getRandomValues){const e=65536;return(s,i)=>{for(let h=0;h<i;h+=e)t.getRandomValues(s.subarray(h,h+Math.min(i-h,e)))}}if("undefined"!=typeof require&&(t=require("crypto"))&&t.randomBytes)return(e,s)=>e.set(t.randomBytes(s));throw new Error("No usable randomness source found")})();function O(t){const e=new Uint8Array(t);return T(e,t),e}var I=Object.freeze({__proto__:null,_randomBytes:T,randomBytes:O});function Y(){return new Float64Array(16)}const z=new Uint8Array(32);z[0]=9;const j=Y();function D(t){let e=1;for(let s=0;s<16;s++){const i=t[s]+e+65535;e=Math.floor(i/65536),t[s]=i-65536*e}t[0]+=e-1+37*(e-1)}function V(t,e,s){const i=~(s-1);for(let s=0;s<16;s++){const h=i&(t[s]^e[s]);t[s]^=h,e[s]^=h}}function R(t,e,s){for(let i=0;i<16;i++)t[i]=e[i]+s[i]}function $(t,e,s){for(let i=0;i<16;i++)t[i]=e[i]-s[i]}function q(t,e,s){let i=0,h=0,r=0,n=0,a=0,o=0,c=0,l=0,u=0,f=0,y=0,p=0,d=0,m=0,g=0,b=0,K=0,w=0,A=0,_=0,E=0,U=0,v=0,M=0,S=0,N=0,L=0,k=0,x=0,H=0,P=0;const B=s[0],X=s[1],C=s[2],T=s[3],O=s[4],I=s[5],Y=s[6],z=s[7],j=s[8],D=s[9],V=s[10],R=s[11],$=s[12],q=s[13],F=s[14],G=s[15];let W=e[0];i+=W*B,h+=W*X,r+=W*C,n+=W*T,a+=W*O,o+=W*I,c+=W*Y,l+=W*z,u+=W*j,f+=W*D,y+=W*V,p+=W*R,d+=W*$,m+=W*q,g+=W*F,b+=W*G,W=e[1],h+=W*B,r+=W*X,n+=W*C,a+=W*T,o+=W*O,c+=W*I,l+=W*Y,u+=W*z,f+=W*j,y+=W*D,p+=W*V,d+=W*R,m+=W*$,g+=W*q,b+=W*F,K+=W*G,W=e[2],r+=W*B,n+=W*X,a+=W*C,o+=W*T,c+=W*O,l+=W*I,u+=W*Y,f+=W*z,y+=W*j,p+=W*D,d+=W*V,m+=W*R,g+=W*$,b+=W*q,K+=W*F,w+=W*G,W=e[3],n+=W*B,a+=W*X,o+=W*C,c+=W*T,l+=W*O,u+=W*I,f+=W*Y,y+=W*z,p+=W*j,d+=W*D,m+=W*V,g+=W*R,b+=W*$,K+=W*q,w+=W*F,A+=W*G,W=e[4],a+=W*B,o+=W*X,c+=W*C,l+=W*T,u+=W*O,f+=W*I,y+=W*Y,p+=W*z,d+=W*j,m+=W*D,g+=W*V,b+=W*R,K+=W*$,w+=W*q,A+=W*F,_+=W*G,W=e[5],o+=W*B,c+=W*X,l+=W*C,u+=W*T,f+=W*O,y+=W*I,p+=W*Y,d+=W*z,m+=W*j,g+=W*D,b+=W*V,K+=W*R,w+=W*$,A+=W*q,_+=W*F,E+=W*G,W=e[6],c+=W*B,l+=W*X,u+=W*C,f+=W*T,y+=W*O,p+=W*I,d+=W*Y,m+=W*z,g+=W*j,b+=W*D,K+=W*V,w+=W*R,A+=W*$,_+=W*q,E+=W*F,U+=W*G,W=e[7],l+=W*B,u+=W*X,f+=W*C,y+=W*T,p+=W*O,d+=W*I,m+=W*Y,g+=W*z,b+=W*j,K+=W*D,w+=W*V,A+=W*R,_+=W*$,E+=W*q,U+=W*F,v+=W*G,W=e[8],u+=W*B,f+=W*X,y+=W*C,p+=W*T,d+=W*O,m+=W*I,g+=W*Y,b+=W*z,K+=W*j,w+=W*D,A+=W*V,_+=W*R,E+=W*$,U+=W*q,v+=W*F,M+=W*G,W=e[9],f+=W*B,y+=W*X,p+=W*C,d+=W*T,m+=W*O,g+=W*I,b+=W*Y,K+=W*z,w+=W*j,A+=W*D,_+=W*V,E+=W*R,U+=W*$,v+=W*q,M+=W*F,S+=W*G,W=e[10],y+=W*B,p+=W*X,d+=W*C,m+=W*T,g+=W*O,b+=W*I,K+=W*Y,w+=W*z,A+=W*j,_+=W*D,E+=W*V,U+=W*R,v+=W*$,M+=W*q,S+=W*F,N+=W*G,W=e[11],p+=W*B,d+=W*X,m+=W*C,g+=W*T,b+=W*O,K+=W*I,w+=W*Y,A+=W*z,_+=W*j,E+=W*D,U+=W*V,v+=W*R,M+=W*$,S+=W*q,N+=W*F,L+=W*G,W=e[12],d+=W*B,m+=W*X,g+=W*C,b+=W*T,K+=W*O,w+=W*I,A+=W*Y,_+=W*z,E+=W*j,U+=W*D,v+=W*V,M+=W*R,S+=W*$,N+=W*q,L+=W*F,k+=W*G,W=e[13],m+=W*B,g+=W*X,b+=W*C,K+=W*T,w+=W*O,A+=W*I,_+=W*Y,E+=W*z,U+=W*j,v+=W*D,M+=W*V,S+=W*R,N+=W*$,L+=W*q,k+=W*F,x+=W*G,W=e[14],g+=W*B,b+=W*X,K+=W*C,w+=W*T,A+=W*O,_+=W*I,E+=W*Y,U+=W*z,v+=W*j,M+=W*D,S+=W*V,N+=W*R,L+=W*$,k+=W*q,x+=W*F,H+=W*G,W=e[15],b+=W*B,K+=W*X,w+=W*C,A+=W*T,_+=W*O,E+=W*I,U+=W*Y,v+=W*z,M+=W*j,S+=W*D,N+=W*V,L+=W*R,k+=W*$,x+=W*q,H+=W*F,P+=W*G,i+=38*K,h+=38*w,r+=38*A,n+=38*_,a+=38*E,o+=38*U,c+=38*v,l+=38*M,u+=38*S,f+=38*N,y+=38*L,p+=38*k,d+=38*x,m+=38*H,g+=38*P;let Z=1;W=i+Z+65535,Z=Math.floor(W/65536),i=W-65536*Z,W=h+Z+65535,Z=Math.floor(W/65536),h=W-65536*Z,W=r+Z+65535,Z=Math.floor(W/65536),r=W-65536*Z,W=n+Z+65535,Z=Math.floor(W/65536),n=W-65536*Z,W=a+Z+65535,Z=Math.floor(W/65536),a=W-65536*Z,W=o+Z+65535,Z=Math.floor(W/65536),o=W-65536*Z,W=c+Z+65535,Z=Math.floor(W/65536),c=W-65536*Z,W=l+Z+65535,Z=Math.floor(W/65536),l=W-65536*Z,W=u+Z+65535,Z=Math.floor(W/65536),u=W-65536*Z,W=f+Z+65535,Z=Math.floor(W/65536),f=W-65536*Z,W=y+Z+65535,Z=Math.floor(W/65536),y=W-65536*Z,W=p+Z+65535,Z=Math.floor(W/65536),p=W-65536*Z,W=d+Z+65535,Z=Math.floor(W/65536),d=W-65536*Z,W=m+Z+65535,Z=Math.floor(W/65536),m=W-65536*Z,W=g+Z+65535,Z=Math.floor(W/65536),g=W-65536*Z,W=b+Z+65535,Z=Math.floor(W/65536),b=W-65536*Z,i+=Z-1+37*(Z-1),Z=1,W=i+Z+65535,Z=Math.floor(W/65536),i=W-65536*Z,W=h+Z+65535,Z=Math.floor(W/65536),h=W-65536*Z,W=r+Z+65535,Z=Math.floor(W/65536),r=W-65536*Z,W=n+Z+65535,Z=Math.floor(W/65536),n=W-65536*Z,W=a+Z+65535,Z=Math.floor(W/65536),a=W-65536*Z,W=o+Z+65535,Z=Math.floor(W/65536),o=W-65536*Z,W=c+Z+65535,Z=Math.floor(W/65536),c=W-65536*Z,W=l+Z+65535,Z=Math.floor(W/65536),l=W-65536*Z,W=u+Z+65535,Z=Math.floor(W/65536),u=W-65536*Z,W=f+Z+65535,Z=Math.floor(W/65536),f=W-65536*Z,W=y+Z+65535,Z=Math.floor(W/65536),y=W-65536*Z,W=p+Z+65535,Z=Math.floor(W/65536),p=W-65536*Z,W=d+Z+65535,Z=Math.floor(W/65536),d=W-65536*Z,W=m+Z+65535,Z=Math.floor(W/65536),m=W-65536*Z,W=g+Z+65535,Z=Math.floor(W/65536),g=W-65536*Z,W=b+Z+65535,Z=Math.floor(W/65536),b=W-65536*Z,i+=Z-1+37*(Z-1),t[0]=i,t[1]=h,t[2]=r,t[3]=n,t[4]=a,t[5]=o,t[6]=c,t[7]=l,t[8]=u,t[9]=f,t[10]=y,t[11]=p,t[12]=d,t[13]=m,t[14]=g,t[15]=b}function F(t,e){q(t,e,e)}function G(t,e,s){const i=new Uint8Array(32),h=new Float64Array(80),r=Y(),n=Y(),a=Y(),o=Y(),c=Y(),l=Y();for(let t=0;t<31;t++)i[t]=e[t];i[31]=127&e[31]|64,i[0]&=248,function(t,e){for(let s=0;s<16;s++)t[s]=e[2*s]+(e[2*s+1]<<8);t[15]&=32767}(h,s);for(let t=0;t<16;t++)n[t]=h[t],o[t]=r[t]=a[t]=0;r[0]=o[0]=1;for(let t=254;t>=0;--t){const e=i[t>>>3]>>>(7&t)&1;V(r,n,e),V(a,o,e),R(c,r,a),$(r,r,a),R(a,n,o),$(n,n,o),F(o,c),F(l,r),q(r,a,r),q(a,n,c),R(c,r,a),$(r,r,a),F(n,r),$(a,o,l),q(r,a,j),R(r,r,o),q(a,a,r),q(r,o,l),q(o,n,h),F(n,c),V(r,n,e),V(a,o,e)}for(let t=0;t<16;t++)h[t+16]=r[t],h[t+32]=a[t],h[t+48]=n[t],h[t+64]=o[t];const u=h.subarray(32),f=h.subarray(16);!function(t,e){const s=Y();for(let t=0;t<16;t++)s[t]=e[t];for(let t=253;t>=0;t--)F(s,s),2!==t&&4!==t&&q(s,s,e);for(let e=0;e<16;e++)t[e]=s[e]}(u,u),q(f,f,u),function(t,e){const s=Y(),i=Y();for(let t=0;t<16;t++)i[t]=e[t];D(i),D(i),D(i);for(let t=0;t<2;t++){s[0]=i[0]-65517;for(let t=1;t<15;t++)s[t]=i[t]-65535-(s[t-1]>>16&1),s[t-1]&=65535;s[15]=i[15]-32767-(s[14]>>16&1);const t=s[15]>>16&1;s[14]&=65535,V(i,s,1-t)}for(let e=0;e<16;e++)t[2*e]=255&i[e],t[2*e+1]=i[e]>>8}(t,f)}function W(t,e){G(t,e,z)}function Z(t,e){if(32!==t.length)throw new Error("bad n size");if(32!==e.length)throw new Error("bad p size");const s=new Uint8Array(32);return G(s,t,e),s}function J(t){if(32!==t.length)throw new Error("bad n size");const e=new Uint8Array(32);return W(e,t),e}j[0]=56129,j[1]=1,Z.scalarLength=32,Z.groupElementLength=32;var Q=Object.freeze({__proto__:null,crypto_scalarmult:G,crypto_scalarmult_BYTES:32,crypto_scalarmult_SCALARBYTES:32,crypto_scalarmult_base:W,scalarMult:Z,scalarMultBase:J});function tt(t){const e=new DataView(new ArrayBuffer(12));return e.setUint32(4,t.lo,!0),e.setUint32(8,t.hi,!0),e}var et=Object.freeze({__proto__:null,Noise_25519_ChaChaPoly_BLAKE2s:class extends L{constructor(){super()}dhName(){return"25519"}generateKeypair(){const t=O(Z.scalarLength);return{public:J(t),secret:t}}dh(t,e){return Z(t.secret,e)}cipherName(){return"ChaChaPoly"}encrypt(t,e,s,i){return y(s,t,tt(e),i)}decrypt(t,e,s,i){return m(s,t,tt(e),i)}hashName(){return"BLAKE2s"}hash(t){return E.digest(t)}hashBlocklen(){return E.BLOCKLEN}}});t.AEAD=g,t.BLAKE2=U,t.ChaCha20=n,t.Noise=x,t.NoiseProfiles=et,t.Patterns=C,t.Poly1305=o,t.Random=I,t.X25519=Q})); | ||
| !function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports):"function"==typeof define&&define.amd?define(["exports"],e):e((t="undefined"!=typeof globalThis?globalThis:t||self).SaltyCrypto={})}(this,(function(t){"use strict";function e(t,e){return t<<e|t>>>32-e}function s(t,s,i,h,r){t[s]+=t[i],t[r]^=t[s],t[r]=e(t[r],16),t[h]+=t[r],t[i]^=t[h],t[i]=e(t[i],12),t[s]+=t[i],t[r]^=t[s],t[r]=e(t[r],8),t[h]+=t[r],t[i]^=t[h],t[i]=e(t[i],7)}function i(t,e,s,i){t[0]+=1634760805,t[1]+=857760878,t[2]+=2036477234,t[3]+=1797285236,t[4]+=e.getUint32(0,!0),t[5]+=e.getUint32(4,!0),t[6]+=e.getUint32(8,!0),t[7]+=e.getUint32(12,!0),t[8]+=e.getUint32(16,!0),t[9]+=e.getUint32(20,!0),t[10]+=e.getUint32(24,!0),t[11]+=e.getUint32(28,!0),t[12]+=s,t[13]+=i.getUint32(0,!0),t[14]+=i.getUint32(4,!0),t[15]+=i.getUint32(8,!0)}function h(t,e,h){const r=new Uint32Array(16);i(r,t,e,h);for(let t=0;t<20;t+=2)s(r,0,4,8,12),s(r,1,5,9,13),s(r,2,6,10,14),s(r,3,7,11,15),s(r,0,5,10,15),s(r,1,6,11,12),s(r,2,7,8,13),s(r,3,4,9,14);return i(r,t,e,h),r}const r={NAME:"chacha20",KEYBYTES:32,NONCEBYTES:12,BLOCKBYTES:64,stream_xor(t,e,s,i,n=0,a=s.byteLength){const o=function(t){const e=new DataView(new ArrayBuffer(r.NONCEBYTES));return e.setUint32(0,t.extra,!0),e.setUint32(4,t.lo,!0),e.setUint32(8,t.hi,!0),e}(e),l=a>>6,c=63&a;for(let e=0;e<l;e++){const r=h(t,n+e,o);for(let t=0;t<64;t++)i[(e<<6)+t]=s[(e<<6)+t]^r[t>>2]>>((3&t)<<3)}if(0!==c){const e=h(t,n+l,o);for(let t=0;t<c;t++)i[(l<<6)+t]=s[(l<<6)+t]^e[t>>2]>>((3&t)<<3)}}};var n,a=Object.freeze({__proto__:null,ChaCha20:r,chacha20_block:h,chacha20_quarter_round:s});const o=(n=class t{static digest(e,s,i){const h=new t(s,i);return h.update(e),h.final()}constructor(e,s){if(this.buffer=new Uint8Array(16),this.r=new Uint16Array(10),this.h=new Uint16Array(10),this.pad=new Uint16Array(8),this.leftover=0,this.fin=0,!e)throw new Error("Poly1305: key required");if((null!=s?s:t.OUTBYTES)!==t.OUTBYTES)throw new Error("Poly1305: outlen != OUTBYTES");const i=255&e[0]|(255&e[1])<<8;this.r[0]=8191&i;const h=255&e[2]|(255&e[3])<<8;this.r[1]=8191&(i>>>13|h<<3);const r=255&e[4]|(255&e[5])<<8;this.r[2]=7939&(h>>>10|r<<6);const n=255&e[6]|(255&e[7])<<8;this.r[3]=8191&(r>>>7|n<<9);const a=255&e[8]|(255&e[9])<<8;this.r[4]=255&(n>>>4|a<<12),this.r[5]=a>>>1&8190;const o=255&e[10]|(255&e[11])<<8;this.r[6]=8191&(a>>>14|o<<2);const l=255&e[12]|(255&e[13])<<8;this.r[7]=8065&(o>>>11|l<<5);const c=255&e[14]|(255&e[15])<<8;this.r[8]=8191&(l>>>8|c<<8),this.r[9]=c>>>5&127,this.pad[0]=255&e[16]|(255&e[17])<<8,this.pad[1]=255&e[18]|(255&e[19])<<8,this.pad[2]=255&e[20]|(255&e[21])<<8,this.pad[3]=255&e[22]|(255&e[23])<<8,this.pad[4]=255&e[24]|(255&e[25])<<8,this.pad[5]=255&e[26]|(255&e[27])<<8,this.pad[6]=255&e[28]|(255&e[29])<<8,this.pad[7]=255&e[30]|(255&e[31])<<8}blocks(t,e,s){const i=this.fin?0:2048;let h=this.h[0],r=this.h[1],n=this.h[2],a=this.h[3],o=this.h[4],l=this.h[5],c=this.h[6],u=this.h[7],f=this.h[8],y=this.h[9],p=this.r[0],d=this.r[1],m=this.r[2],g=this.r[3],K=this.r[4],b=this.r[5],w=this.r[6],E=this.r[7],_=this.r[8],A=this.r[9];for(;s>=16;){const M=255&t[e+0]|(255&t[e+1])<<8;h+=8191&M;const U=255&t[e+2]|(255&t[e+3])<<8;r+=8191&(M>>>13|U<<3);const v=255&t[e+4]|(255&t[e+5])<<8;n+=8191&(U>>>10|v<<6);const S=255&t[e+6]|(255&t[e+7])<<8;a+=8191&(v>>>7|S<<9);const N=255&t[e+8]|(255&t[e+9])<<8;o+=8191&(S>>>4|N<<12),l+=N>>>1&8191;const L=255&t[e+10]|(255&t[e+11])<<8;c+=8191&(N>>>14|L<<2);const k=255&t[e+12]|(255&t[e+13])<<8;u+=8191&(L>>>11|k<<5);const x=255&t[e+14]|(255&t[e+15])<<8;f+=8191&(k>>>8|x<<8),y+=x>>>5|i;let T=0,B=T;B+=h*p,B+=r*(5*A),B+=n*(5*_),B+=a*(5*E),B+=o*(5*w),T=B>>>13,B&=8191,B+=l*(5*b),B+=c*(5*K),B+=u*(5*g),B+=f*(5*m),B+=y*(5*d),T+=B>>>13,B&=8191;let P=T;P+=h*d,P+=r*p,P+=n*(5*A),P+=a*(5*_),P+=o*(5*E),T=P>>>13,P&=8191,P+=l*(5*w),P+=c*(5*b),P+=u*(5*K),P+=f*(5*g),P+=y*(5*m),T+=P>>>13,P&=8191;let O=T;O+=h*m,O+=r*d,O+=n*p,O+=a*(5*A),O+=o*(5*_),T=O>>>13,O&=8191,O+=l*(5*E),O+=c*(5*w),O+=u*(5*b),O+=f*(5*K),O+=y*(5*g),T+=O>>>13,O&=8191;let C=T;C+=h*g,C+=r*m,C+=n*d,C+=a*p,C+=o*(5*A),T=C>>>13,C&=8191,C+=l*(5*_),C+=c*(5*E),C+=u*(5*w),C+=f*(5*b),C+=y*(5*K),T+=C>>>13,C&=8191;let H=T;H+=h*K,H+=r*g,H+=n*m,H+=a*d,H+=o*p,T=H>>>13,H&=8191,H+=l*(5*A),H+=c*(5*_),H+=u*(5*E),H+=f*(5*w),H+=y*(5*b),T+=H>>>13,H&=8191;let X=T;X+=h*b,X+=r*K,X+=n*g,X+=a*m,X+=o*d,T=X>>>13,X&=8191,X+=l*p,X+=c*(5*A),X+=u*(5*_),X+=f*(5*E),X+=y*(5*w),T+=X>>>13,X&=8191;let Y=T;Y+=h*w,Y+=r*b,Y+=n*K,Y+=a*g,Y+=o*m,T=Y>>>13,Y&=8191,Y+=l*d,Y+=c*p,Y+=u*(5*A),Y+=f*(5*_),Y+=y*(5*E),T+=Y>>>13,Y&=8191;let I=T;I+=h*E,I+=r*w,I+=n*b,I+=a*K,I+=o*g,T=I>>>13,I&=8191,I+=l*m,I+=c*d,I+=u*p,I+=f*(5*A),I+=y*(5*_),T+=I>>>13,I&=8191;let z=T;z+=h*_,z+=r*E,z+=n*w,z+=a*b,z+=o*K,T=z>>>13,z&=8191,z+=l*g,z+=c*m,z+=u*d,z+=f*p,z+=y*(5*A),T+=z>>>13,z&=8191;let j=T;j+=h*A,j+=r*_,j+=n*E,j+=a*w,j+=o*b,T=j>>>13,j&=8191,j+=l*K,j+=c*g,j+=u*m,j+=f*d,j+=y*p,T+=j>>>13,j&=8191,T=(T<<2)+T|0,T=T+B|0,B=8191&T,T>>>=13,P+=T,h=B,r=P,n=O,a=C,o=H,l=X,c=Y,u=I,f=z,y=j,e+=16,s-=16}this.h[0]=h,this.h[1]=r,this.h[2]=n,this.h[3]=a,this.h[4]=o,this.h[5]=l,this.h[6]=c,this.h[7]=u,this.h[8]=f,this.h[9]=y}final(e){if(e||(e=new Uint8Array(t.OUTBYTES)),this.leftover){let t=this.leftover;for(this.buffer[t++]=1;t<16;t++)this.buffer[t]=0;this.fin=1,this.blocks(this.buffer,0,16)}let s=this.h[1]>>>13;this.h[1]&=8191;for(let t=2;t<10;t++)this.h[t]+=s,s=this.h[t]>>>13,this.h[t]&=8191;this.h[0]+=5*s,s=this.h[0]>>>13,this.h[0]&=8191,this.h[1]+=s,s=this.h[1]>>>13,this.h[1]&=8191,this.h[2]+=s;const i=new Uint16Array(10);i[0]=this.h[0]+5,s=i[0]>>>13,i[0]&=8191;for(let t=1;t<10;t++)i[t]=this.h[t]+s,s=i[t]>>>13,i[t]&=8191;i[9]-=8192;let h=(1^s)-1;for(let t=0;t<10;t++)i[t]&=h;h=~h;for(let t=0;t<10;t++)this.h[t]=this.h[t]&h|i[t];this.h[0]=65535&(this.h[0]|this.h[1]<<13),this.h[1]=65535&(this.h[1]>>>3|this.h[2]<<10),this.h[2]=65535&(this.h[2]>>>6|this.h[3]<<7),this.h[3]=65535&(this.h[3]>>>9|this.h[4]<<4),this.h[4]=65535&(this.h[4]>>>12|this.h[5]<<1|this.h[6]<<14),this.h[5]=65535&(this.h[6]>>>2|this.h[7]<<11),this.h[6]=65535&(this.h[7]>>>5|this.h[8]<<8),this.h[7]=65535&(this.h[8]>>>8|this.h[9]<<5);let r=this.h[0]+this.pad[0];this.h[0]=65535&r;for(let t=1;t<8;t++)r=(this.h[t]+this.pad[t]|0)+(r>>>16)|0,this.h[t]=65535&r;return e[0]=this.h[0]>>>0&255,e[1]=this.h[0]>>>8&255,e[2]=this.h[1]>>>0&255,e[3]=this.h[1]>>>8&255,e[4]=this.h[2]>>>0&255,e[5]=this.h[2]>>>8&255,e[6]=this.h[3]>>>0&255,e[7]=this.h[3]>>>8&255,e[8]=this.h[4]>>>0&255,e[9]=this.h[4]>>>8&255,e[10]=this.h[5]>>>0&255,e[11]=this.h[5]>>>8&255,e[12]=this.h[6]>>>0&255,e[13]=this.h[6]>>>8&255,e[14]=this.h[7]>>>0&255,e[15]=this.h[7]>>>8&255,e}update(t,e=0,s=t.byteLength){if(this.leftover){let i=16-this.leftover;i>s&&(i=s);for(let s=0;s<i;s++)this.buffer[this.leftover+s]=t[e+s];if(s-=i,e+=i,this.leftover+=i,this.leftover<16)return;this.blocks(this.buffer,0,16),this.leftover=0}if(s>=16){const i=s-s%16;this.blocks(t,e,i),e+=i,s-=i}if(s){for(let i=0;i<s;i++)this.buffer[this.leftover+i]=t[e+i];this.leftover+=s}}},n.NAME="Poly1305",n.KEYBYTES=32,n.OUTBYTES=16,n.BLOCKLEN=16,n);var l=Object.freeze({__proto__:null,Poly1305:o});function c(t,e,s){return 0===function(t,e,s){let i=0;for(let h=0;h<s;h++)i|=t[h]^e[h];return(1&i-1>>>8)-1}(t,e,s)}function u(t,e){const s=Math.min(t.byteLength,e.byteLength),i=new Uint8Array(s);for(let h=0;h<s;h++)i[h]=t[h]^e[h];return i}function f(t,e){const s=new Uint8Array(t.byteLength+e.byteLength);return s.set(t,0),s.set(e,t.byteLength),s}const y=new Uint8Array(0);var p=Object.freeze({__proto__:null,EMPTY:y,append:f,equal:c,xor:u});const d=new Uint8Array(16);function m(t,e){const s=15&e;0!==s&&t.update(d,0,16-s)}function g(t,e,s,i,h,n){const a=new Uint8Array(o.KEYBYTES);r.stream_xor(e,s,a,a,0);const l=new o(a);void 0!==n&&(l.update(n,0,n.byteLength),m(l,n.byteLength)),l.update(i,0,h),m(l,h);const c=new Uint8Array(16),u=new DataView(c.buffer);void 0!==n&&u.setUint32(0,n.byteLength,!0),u.setUint32(8,h,!0),l.update(c,0,c.byteLength),l.final(t)}const K={NAME:"ChaChaPoly",KEYBYTES:32,NONCEBYTES:12,TAGBYTES:16,encrypt_detached(t,e,s,i,h,n,a){r.stream_xor(h,n,t,e,1,s),g(i,h,n,e,s,a)},encrypt:E,decrypt_detached(t,e,s,i,h,n,a){const o=new Uint8Array(this.TAGBYTES);g(o,h,n,e,s,a);const l=c(o,i,o.byteLength);return l&&r.stream_xor(h,n,e,t,1,s),l},decrypt:_};var b=Object.freeze({__proto__:null,ChaCha20Poly1305_RFC8439:K});class w extends Error{}function E(t,e,s,i){const h=new Uint8Array(t.byteLength+this.TAGBYTES);return this.encrypt_detached(t,h,t.byteLength,h.subarray(t.byteLength),e,s,i),h}function _(t,e,s,i){const h=new Uint8Array(t.byteLength-this.TAGBYTES);if(!this.decrypt_detached(h,t,h.byteLength,t.subarray(h.byteLength),e,s,i))throw new w("AEAD authentication failed");return h}const A=(()=>{var t="undefined"!=typeof self?self.crypto||self.msCrypto:null;if(t&&t.getRandomValues){const e=65536;return(s,i)=>{for(let h=0;h<i;h+=e)t.getRandomValues(s.subarray(h,h+Math.min(i-h,e)))}}if("undefined"!=typeof require&&(t=require("crypto"))&&t.randomBytes)return(e,s)=>e.set(t.randomBytes(s));throw new Error("No usable randomness source found")})();function M(t){const e=new Uint8Array(t);return A(e,t),e}function U(){return new Float64Array(16)}const v=new Uint8Array(32);v[0]=9;const S=U();function N(t){let e=1;for(let s=0;s<16;s++){const i=t[s]+e+65535;e=Math.floor(i/65536),t[s]=i-65536*e}t[0]+=e-1+37*(e-1)}function L(t,e,s){const i=~(s-1);for(let s=0;s<16;s++){const h=i&(t[s]^e[s]);t[s]^=h,e[s]^=h}}function k(t,e,s){for(let i=0;i<16;i++)t[i]=e[i]+s[i]}function x(t,e,s){for(let i=0;i<16;i++)t[i]=e[i]-s[i]}function T(t,e,s){let i=0,h=0,r=0,n=0,a=0,o=0,l=0,c=0,u=0,f=0,y=0,p=0,d=0,m=0,g=0,K=0,b=0,w=0,E=0,_=0,A=0,M=0,U=0,v=0,S=0,N=0,L=0,k=0,x=0,T=0,B=0;const P=s[0],O=s[1],C=s[2],H=s[3],X=s[4],Y=s[5],I=s[6],z=s[7],j=s[8],D=s[9],R=s[10],V=s[11],F=s[12],$=s[13],q=s[14],G=s[15];let W=e[0];i+=W*P,h+=W*O,r+=W*C,n+=W*H,a+=W*X,o+=W*Y,l+=W*I,c+=W*z,u+=W*j,f+=W*D,y+=W*R,p+=W*V,d+=W*F,m+=W*$,g+=W*q,K+=W*G,W=e[1],h+=W*P,r+=W*O,n+=W*C,a+=W*H,o+=W*X,l+=W*Y,c+=W*I,u+=W*z,f+=W*j,y+=W*D,p+=W*R,d+=W*V,m+=W*F,g+=W*$,K+=W*q,b+=W*G,W=e[2],r+=W*P,n+=W*O,a+=W*C,o+=W*H,l+=W*X,c+=W*Y,u+=W*I,f+=W*z,y+=W*j,p+=W*D,d+=W*R,m+=W*V,g+=W*F,K+=W*$,b+=W*q,w+=W*G,W=e[3],n+=W*P,a+=W*O,o+=W*C,l+=W*H,c+=W*X,u+=W*Y,f+=W*I,y+=W*z,p+=W*j,d+=W*D,m+=W*R,g+=W*V,K+=W*F,b+=W*$,w+=W*q,E+=W*G,W=e[4],a+=W*P,o+=W*O,l+=W*C,c+=W*H,u+=W*X,f+=W*Y,y+=W*I,p+=W*z,d+=W*j,m+=W*D,g+=W*R,K+=W*V,b+=W*F,w+=W*$,E+=W*q,_+=W*G,W=e[5],o+=W*P,l+=W*O,c+=W*C,u+=W*H,f+=W*X,y+=W*Y,p+=W*I,d+=W*z,m+=W*j,g+=W*D,K+=W*R,b+=W*V,w+=W*F,E+=W*$,_+=W*q,A+=W*G,W=e[6],l+=W*P,c+=W*O,u+=W*C,f+=W*H,y+=W*X,p+=W*Y,d+=W*I,m+=W*z,g+=W*j,K+=W*D,b+=W*R,w+=W*V,E+=W*F,_+=W*$,A+=W*q,M+=W*G,W=e[7],c+=W*P,u+=W*O,f+=W*C,y+=W*H,p+=W*X,d+=W*Y,m+=W*I,g+=W*z,K+=W*j,b+=W*D,w+=W*R,E+=W*V,_+=W*F,A+=W*$,M+=W*q,U+=W*G,W=e[8],u+=W*P,f+=W*O,y+=W*C,p+=W*H,d+=W*X,m+=W*Y,g+=W*I,K+=W*z,b+=W*j,w+=W*D,E+=W*R,_+=W*V,A+=W*F,M+=W*$,U+=W*q,v+=W*G,W=e[9],f+=W*P,y+=W*O,p+=W*C,d+=W*H,m+=W*X,g+=W*Y,K+=W*I,b+=W*z,w+=W*j,E+=W*D,_+=W*R,A+=W*V,M+=W*F,U+=W*$,v+=W*q,S+=W*G,W=e[10],y+=W*P,p+=W*O,d+=W*C,m+=W*H,g+=W*X,K+=W*Y,b+=W*I,w+=W*z,E+=W*j,_+=W*D,A+=W*R,M+=W*V,U+=W*F,v+=W*$,S+=W*q,N+=W*G,W=e[11],p+=W*P,d+=W*O,m+=W*C,g+=W*H,K+=W*X,b+=W*Y,w+=W*I,E+=W*z,_+=W*j,A+=W*D,M+=W*R,U+=W*V,v+=W*F,S+=W*$,N+=W*q,L+=W*G,W=e[12],d+=W*P,m+=W*O,g+=W*C,K+=W*H,b+=W*X,w+=W*Y,E+=W*I,_+=W*z,A+=W*j,M+=W*D,U+=W*R,v+=W*V,S+=W*F,N+=W*$,L+=W*q,k+=W*G,W=e[13],m+=W*P,g+=W*O,K+=W*C,b+=W*H,w+=W*X,E+=W*Y,_+=W*I,A+=W*z,M+=W*j,U+=W*D,v+=W*R,S+=W*V,N+=W*F,L+=W*$,k+=W*q,x+=W*G,W=e[14],g+=W*P,K+=W*O,b+=W*C,w+=W*H,E+=W*X,_+=W*Y,A+=W*I,M+=W*z,U+=W*j,v+=W*D,S+=W*R,N+=W*V,L+=W*F,k+=W*$,x+=W*q,T+=W*G,W=e[15],K+=W*P,b+=W*O,w+=W*C,E+=W*H,_+=W*X,A+=W*Y,M+=W*I,U+=W*z,v+=W*j,S+=W*D,N+=W*R,L+=W*V,k+=W*F,x+=W*$,T+=W*q,B+=W*G,i+=38*b,h+=38*w,r+=38*E,n+=38*_,a+=38*A,o+=38*M,l+=38*U,c+=38*v,u+=38*S,f+=38*N,y+=38*L,p+=38*k,d+=38*x,m+=38*T,g+=38*B;let Z=1;W=i+Z+65535,Z=Math.floor(W/65536),i=W-65536*Z,W=h+Z+65535,Z=Math.floor(W/65536),h=W-65536*Z,W=r+Z+65535,Z=Math.floor(W/65536),r=W-65536*Z,W=n+Z+65535,Z=Math.floor(W/65536),n=W-65536*Z,W=a+Z+65535,Z=Math.floor(W/65536),a=W-65536*Z,W=o+Z+65535,Z=Math.floor(W/65536),o=W-65536*Z,W=l+Z+65535,Z=Math.floor(W/65536),l=W-65536*Z,W=c+Z+65535,Z=Math.floor(W/65536),c=W-65536*Z,W=u+Z+65535,Z=Math.floor(W/65536),u=W-65536*Z,W=f+Z+65535,Z=Math.floor(W/65536),f=W-65536*Z,W=y+Z+65535,Z=Math.floor(W/65536),y=W-65536*Z,W=p+Z+65535,Z=Math.floor(W/65536),p=W-65536*Z,W=d+Z+65535,Z=Math.floor(W/65536),d=W-65536*Z,W=m+Z+65535,Z=Math.floor(W/65536),m=W-65536*Z,W=g+Z+65535,Z=Math.floor(W/65536),g=W-65536*Z,W=K+Z+65535,Z=Math.floor(W/65536),K=W-65536*Z,i+=Z-1+37*(Z-1),Z=1,W=i+Z+65535,Z=Math.floor(W/65536),i=W-65536*Z,W=h+Z+65535,Z=Math.floor(W/65536),h=W-65536*Z,W=r+Z+65535,Z=Math.floor(W/65536),r=W-65536*Z,W=n+Z+65535,Z=Math.floor(W/65536),n=W-65536*Z,W=a+Z+65535,Z=Math.floor(W/65536),a=W-65536*Z,W=o+Z+65535,Z=Math.floor(W/65536),o=W-65536*Z,W=l+Z+65535,Z=Math.floor(W/65536),l=W-65536*Z,W=c+Z+65535,Z=Math.floor(W/65536),c=W-65536*Z,W=u+Z+65535,Z=Math.floor(W/65536),u=W-65536*Z,W=f+Z+65535,Z=Math.floor(W/65536),f=W-65536*Z,W=y+Z+65535,Z=Math.floor(W/65536),y=W-65536*Z,W=p+Z+65535,Z=Math.floor(W/65536),p=W-65536*Z,W=d+Z+65535,Z=Math.floor(W/65536),d=W-65536*Z,W=m+Z+65535,Z=Math.floor(W/65536),m=W-65536*Z,W=g+Z+65535,Z=Math.floor(W/65536),g=W-65536*Z,W=K+Z+65535,Z=Math.floor(W/65536),K=W-65536*Z,i+=Z-1+37*(Z-1),t[0]=i,t[1]=h,t[2]=r,t[3]=n,t[4]=a,t[5]=o,t[6]=l,t[7]=c,t[8]=u,t[9]=f,t[10]=y,t[11]=p,t[12]=d,t[13]=m,t[14]=g,t[15]=K}function B(t,e){T(t,e,e)}function P(t,e,s){const i=new Uint8Array(32),h=new Float64Array(80),r=U(),n=U(),a=U(),o=U(),l=U(),c=U();for(let t=0;t<31;t++)i[t]=e[t];i[31]=127&e[31]|64,i[0]&=248,function(t,e){for(let s=0;s<16;s++)t[s]=e[2*s]+(e[2*s+1]<<8);t[15]&=32767}(h,s);for(let t=0;t<16;t++)n[t]=h[t],o[t]=r[t]=a[t]=0;r[0]=o[0]=1;for(let t=254;t>=0;--t){const e=i[t>>>3]>>>(7&t)&1;L(r,n,e),L(a,o,e),k(l,r,a),x(r,r,a),k(a,n,o),x(n,n,o),B(o,l),B(c,r),T(r,a,r),T(a,n,l),k(l,r,a),x(r,r,a),B(n,r),x(a,o,c),T(r,a,S),k(r,r,o),T(a,a,r),T(r,o,c),T(o,n,h),B(n,l),L(r,n,e),L(a,o,e)}for(let t=0;t<16;t++)h[t+16]=r[t],h[t+32]=a[t],h[t+48]=n[t],h[t+64]=o[t];const u=h.subarray(32),f=h.subarray(16);!function(t,e){const s=U();for(let t=0;t<16;t++)s[t]=e[t];for(let t=253;t>=0;t--)B(s,s),2!==t&&4!==t&&T(s,s,e);for(let e=0;e<16;e++)t[e]=s[e]}(u,u),T(f,f,u),function(t,e){const s=U(),i=U();for(let t=0;t<16;t++)i[t]=e[t];N(i),N(i),N(i);for(let t=0;t<2;t++){s[0]=i[0]-65517;for(let t=1;t<15;t++)s[t]=i[t]-65535-(s[t-1]>>16&1),s[t-1]&=65535;s[15]=i[15]-32767-(s[14]>>16&1);const t=s[15]>>16&1;s[14]&=65535,L(i,s,1-t)}for(let e=0;e<16;e++)t[2*e]=255&i[e],t[2*e+1]=i[e]>>8}(t,f)}function O(t,e){P(t,e,v)}function C(t,e){if(32!==t.length)throw new Error("bad n size");if(32!==e.length)throw new Error("bad p size");const s=new Uint8Array(32);return P(s,t,e),s}function H(t){if(32!==t.length)throw new Error("bad n size");const e=new Uint8Array(32);return O(e,t),e}S[0]=56129,S[1]=1,C.scalarLength=32,C.groupElementLength=32;var X=Object.freeze({__proto__:null,crypto_scalarmult:P,crypto_scalarmult_BYTES:32,crypto_scalarmult_SCALARBYTES:32,crypto_scalarmult_base:O,scalarMult:C,scalarMultBase:H});const Y={NAME:"25519",DHLEN:C.groupElementLength,generateKeypair(){const t=M(C.scalarLength);return{public:H(t),secret:t}},dh:(t,e)=>C(t.secret,e)};var I;function z(t,e){return t>>>e|t<<32-e}function j(t,e,s,i,h,r,n){t[e]=t[e]+t[s]+r,t[h]=z(t[h]^t[e],16),t[i]=t[i]+t[h],t[s]=z(t[s]^t[i],12),t[e]=t[e]+t[s]+n,t[h]=z(t[h]^t[e],8),t[i]=t[i]+t[h],t[s]=z(t[s]^t[i],7)}const D=Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]),R=Uint8Array.from([0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,14,10,4,8,9,15,13,6,1,12,0,2,11,7,5,3,11,8,12,0,5,2,15,13,10,14,3,6,7,1,9,4,7,9,3,1,13,12,11,14,2,6,5,10,4,0,15,8,9,0,5,7,2,4,10,15,14,1,11,12,6,8,3,13,2,12,6,10,0,11,8,3,4,13,7,5,15,14,1,9,12,5,1,15,14,13,4,10,0,7,6,3,9,2,8,11,13,11,7,14,12,1,3,9,5,0,15,4,8,6,2,10,6,15,14,9,11,3,0,8,12,2,13,7,1,4,10,5,10,2,8,4,7,6,1,5,15,11,9,14,3,12,13,0]);function V(t,e){return R[(t<<4)+e]}const F=(I=class t{static digest(e,s,i){const h=new t(s,i);return h.update(e),h.final()}constructor(e,s=t.OUTBYTES){var i;this.outlen=s,this.b=new Uint8Array(64),this.bv=new DataView(this.b.buffer),this.h=Uint32Array.from(D),this.t=new Uint32Array(2),this.c=0;const h=null!==(i=null==e?void 0:e.byteLength)&&void 0!==i?i:0;if(0==s||s>32||h>32)throw new Error("illegal BLAKE2s parameter length(s)");this.h[0]^=16842752^h<<8^s,e&&h>0&&(this.update(e),this.c=64)}update(t,e=0,s=t.byteLength){for(let i=e;i<e+s;i++)64==this.c&&(this.t[0]+=this.c,this.t[0]<this.c&&this.t[1]++,this.compress(!1),this.c=0),this.b[this.c++]=t[i]}final(t){for(this.t[0]+=this.c,this.t[0]<this.c&&this.t[1]++;this.c<64;)this.b[this.c++]=0;this.compress(!0),void 0===t&&(t=new Uint8Array(this.outlen));for(let e=0;e<this.outlen;e++)t[e]=this.h[e>>2]>>8*(3&e)&255;return t}compress(t){const e=new Uint32Array(16),s=new Uint32Array(16);for(let t=0;t<8;t++)e[t]=this.h[t],e[t+8]=D[t];e[12]^=this.t[0],e[13]^=this.t[1],t&&(e[14]=~e[14]);for(let t=0;t<16;t++)s[t]=this.bv.getUint32(t<<2,!0);for(let t=0;t<10;t++)j(e,0,4,8,12,s[V(t,0)],s[V(t,1)]),j(e,1,5,9,13,s[V(t,2)],s[V(t,3)]),j(e,2,6,10,14,s[V(t,4)],s[V(t,5)]),j(e,3,7,11,15,s[V(t,6)],s[V(t,7)]),j(e,0,5,10,15,s[V(t,8)],s[V(t,9)]),j(e,1,6,11,12,s[V(t,10)],s[V(t,11)]),j(e,2,7,8,13,s[V(t,12)],s[V(t,13)]),j(e,3,4,9,14,s[V(t,14)],s[V(t,15)]);for(let t=0;t<8;t++)this.h[t]^=e[t]^e[t+8]}},I.NAME="BLAKE2s",I.KEYBYTES=32,I.OUTBYTES=32,I.BLOCKLEN=64,I);var $=Object.freeze({__proto__:null,BLAKE2s:F});function q(t){return function(e,s,i){const h=t(e,s),r=t(h,Uint8Array.from([1])),n=t(h,f(r,Uint8Array.from([2])));switch(i){case 2:return[r,n];case 3:return[r,n,t(h,f(n,Uint8Array.from([3])))]}}}function G(t){const e=new Uint8Array(t.BLOCKLEN);e.fill(54);const s=new Uint8Array(t.BLOCKLEN);s.fill(92);const i=(i,h)=>{const r=i.byteLength>t.BLOCKLEN?t.digest(i):i,n=f(r,new Uint8Array(t.BLOCKLEN-r.byteLength));return t.digest(f(u(n,s),t.digest(f(u(n,e),h))))};return i.NAME="HMAC-"+t.NAME,i}function W(t,e){const s=new RegExp(`^Noise_([A-Za-z0-9+]+)_${t.dh.NAME}_${t.aead.NAME}_${t.hash.NAME}$`).exec(e);return null===s?null:s[1]}var Z=Object.freeze({__proto__:null,matchPattern:W});class J{constructor(t=0,e=0,s=0){this.lo=t,this.hi=e,this.extra=s}increment(){const t=this.lo,e=t+1|0;this.lo=e,e<t&&(this.hi=this.hi+1|0)}reset(t=0,e=0,s=0){this.lo=t,this.hi=e,this.extra=s}static get MAX(){return new J(4294967295,4294967295)}}function Q(t){return e=>new DataView(t.encrypt(new Uint8Array(32),e,J.MAX).buffer)}var tt=Object.freeze({__proto__:null,makeRekey:Q});class et{constructor(t,e){this.algorithms=t,this.view=null,this.nonce=new J,void 0!==e&&(this.view=new DataView(e.buffer))}encrypt(t,e){if(null===this.view)return t;const s=this.algorithms.aead.encrypt(t,this.view,this.nonce,e);return this.nonce.increment(),s}decrypt(t,e){if(null===this.view)return t;const s=this.algorithms.aead.decrypt(t,this.view,this.nonce,e);return this.nonce.increment(),s}rekey(){var t;null!==this.view&&(this.view=(null!==(t=this.algorithms.rekey)&&void 0!==t?t:Q(this.algorithms.aead))(this.view))}}var st=Object.freeze({__proto__:null,CipherState:et});class it{constructor(t,e,s,i={}){var h,r,n,a,o,l,c;this.algorithms=t,this.pattern=e,this.role=s,this.stepIndex=0,this.staticKeypair=null!==(h=i.staticKeypair)&&void 0!==h?h:this.algorithms.dh.generateKeypair(),this.remoteStaticPublicKey=null!==(r=i.remoteStaticPublicKey)&&void 0!==r?r:null,this.ephemeralKeypair=null!==(n=i.pregeneratedEphemeralKeypair)&&void 0!==n?n:this.algorithms.dh.generateKeypair(),this.remoteEphemeralPublicKey=null!==(a=i.remotePregeneratedEphemeralPublicKey)&&void 0!==a?a:null,this.preSharedKeys=i.preSharedKeys,this.preSharedKeys&&(this.preSharedKeys=this.preSharedKeys.slice(),0===this.preSharedKeys.length&&(this.preSharedKeys=void 0));const u=(new TextEncoder).encode("Noise_"+this.pattern.name+"_"+this.algorithms.dh.NAME+"_"+this.algorithms.aead.NAME+"_"+this.algorithms.hash.NAME);this.cipherState=new et(this.algorithms);{const t=this.algorithms.hash.OUTBYTES,e=u.byteLength>t?this.algorithms.hash.digest(u):u;this.chainingKey=f(e,new Uint8Array(t-e.byteLength))}this.handshakeHash=this.chainingKey,this.mixHash(null!==(o=i.prologue)&&void 0!==o?o:y),this.pattern.initiatorPreMessage.forEach((t=>this.mixHash("e"===t?this.isInitiator?this.ephemeralKeypair.public:this.remoteEphemeralPublicKey:this.isInitiator?this.staticKeypair.public:this.remoteStaticPublicKey))),this.pattern.responderPreMessage.forEach((t=>this.mixHash("e"===t?this.isInitiator?this.remoteEphemeralPublicKey:this.ephemeralKeypair.public:this.isInitiator?this.remoteStaticPublicKey:this.staticKeypair.public))),this.hkdf=null!==(l=this.algorithms.hkdf)&&void 0!==l?l:q(null!==(c=this.algorithms.hmac)&&void 0!==c?c:G(this.algorithms.hash))}get isInitiator(){return"initiator"===this.role}mixHash(t){this.handshakeHash=this.algorithms.hash.digest(f(this.handshakeHash,t))}mixKey(t){const[e,s]=this.hkdf(this.chainingKey,t,2);this.chainingKey=e,this.cipherState=new et(this.algorithms,s)}mixKeyAndHashNextPSK(){const t=this.preSharedKeys.shift(),[e,s,i]=this.hkdf(this.chainingKey,t,3);this.chainingKey=e,this.mixHash(s),this.cipherState=new et(this.algorithms,i)}encryptAndHash(t){const e=this.cipherState.encrypt(t,this.handshakeHash);return this.mixHash(e),e}decryptAndHash(t){const e=this.cipherState.decrypt(t,this.handshakeHash);return this.mixHash(t),e}_split(){if(this.stepIndex<this.pattern.messages.length)return null;{let[t,e]=this.hkdf(this.chainingKey,y,2).map((t=>new et(this.algorithms,t)));return this.isInitiator?{send:t,recv:e}:{send:e,recv:t}}}_nextStep(){if(this.stepIndex>=this.pattern.messages.length)throw new Error("Handshake already complete, cannot continue");return this.pattern.messages[this.stepIndex++]}_processKeyMixToken(t){switch(t){case"ee":this.mixKey(this.algorithms.dh.dh(this.ephemeralKeypair,this.remoteEphemeralPublicKey));break;case"es":this.mixKey(this.isInitiator?this.algorithms.dh.dh(this.ephemeralKeypair,this.remoteStaticPublicKey):this.algorithms.dh.dh(this.staticKeypair,this.remoteEphemeralPublicKey));break;case"se":this.mixKey(this.isInitiator?this.algorithms.dh.dh(this.staticKeypair,this.remoteEphemeralPublicKey):this.algorithms.dh.dh(this.ephemeralKeypair,this.remoteStaticPublicKey));break;case"ss":this.mixKey(this.algorithms.dh.dh(this.staticKeypair,this.remoteStaticPublicKey));break;case"psk":this.mixKeyAndHashNextPSK()}}writeMessage(t){const e=[];let s;if(this._nextStep().forEach((t=>{switch(t){case"e":e.push(this.ephemeralKeypair.public),this.mixHash(this.ephemeralKeypair.public),this.preSharedKeys&&this.mixKey(this.ephemeralKeypair.public);break;case"s":e.push(this.encryptAndHash(this.staticKeypair.public));break;default:this._processKeyMixToken(t)}})),e.push(this.encryptAndHash(t)),1===e.length)s=e[0];else{s=new Uint8Array(e.reduce(((t,e)=>t+e.byteLength),0));let t=0;e.forEach((e=>{s.set(e,t),t+=e.byteLength}))}return{packet:s,finished:this._split()}}readMessage(t){const e=e=>{const s=t.slice(0,e);return t=t.subarray(e),s};this._nextStep().forEach((t=>{switch(t){case"e":this.remoteEphemeralPublicKey=e(this.algorithms.dh.DHLEN),this.mixHash(this.remoteEphemeralPublicKey),this.preSharedKeys&&this.mixKey(this.remoteEphemeralPublicKey);break;case"s":this.remoteStaticPublicKey=this.decryptAndHash(e(this.algorithms.dh.DHLEN+(this.cipherState.view?16:0)));break;default:this._processKeyMixToken(t)}}));return{message:this.decryptAndHash(t),finished:this._split()}}async completeHandshake(t,e,s=(async t=>{}),i=(async()=>new Uint8Array(0))){const h=async()=>{const{packet:e,finished:s}=this.writeMessage(await i());return await t(e),s||r()},r=async()=>{const{message:t,finished:i}=this.readMessage(await e());return await s(t),i||h()};return this.isInitiator?h():r()}}var ht=Object.freeze({__proto__:null,Handshake:it});const rt={};function nt(t,e,s,i){const h={name:t,baseName:t,messages:e,initiatorPreMessage:s,responderPreMessage:i};rt[h.name]=h}function at(t){return 1===t.baseName.length}nt("I1K1",[["e","s"],["e","ee","es"],["se"]],[],["s"]),nt("I1K",[["e","es","s"],["e","ee"],["se"]],[],["s"]),nt("I1N",[["e","s"],["e","ee"],["se"]],[],[]),nt("I1X1",[["e","s"],["e","ee","s"],["se","es"]],[],[]),nt("I1X",[["e","s"],["e","ee","s","es"],["se"]],[],[]),nt("IK1",[["e","s"],["e","ee","se","es"]],[],["s"]),nt("IK",[["e","es","s","ss"],["e","ee","se"]],[],["s"]),nt("IN",[["e","s"],["e","ee","se"]],[],[]),nt("IX1",[["e","s"],["e","ee","se","s"],["es"]],[],[]),nt("IX",[["e","s"],["e","ee","se","s","es"]],[],[]),nt("K1K1",[["e"],["e","ee","es"],["se"]],["s"],["s"]),nt("K1K",[["e","es"],["e","ee"],["se"]],["s"],["s"]),nt("K1N",[["e"],["e","ee"],["se"]],["s"],[]),nt("K1X1",[["e"],["e","ee","s"],["se","es"]],["s"],[]),nt("K1X",[["e"],["e","ee","s","es"],["se"]],["s"],[]),nt("K",[["e","es","ss"]],["s"],["s"]),nt("KK1",[["e"],["e","ee","se","es"]],["s"],["s"]),nt("KK",[["e","es","ss"],["e","ee","se"]],["s"],["s"]),nt("KN",[["e"],["e","ee","se"]],["s"],[]),nt("KX1",[["e"],["e","ee","se","s"],["es"]],["s"],[]),nt("KX",[["e"],["e","ee","se","s","es"]],["s"],[]),nt("N",[["e","es"]],[],["s"]),nt("NK1",[["e"],["e","ee","es"]],[],["s"]),nt("NK",[["e","es"],["e","ee"]],[],["s"]),nt("NN",[["e"],["e","ee"]],[],[]),nt("NX1",[["e"],["e","ee","s"],["es"]],[],[]),nt("NX",[["e"],["e","ee","s","es"]],[],[]),nt("X1K1",[["e"],["e","ee","es"],["s"],["se"]],[],["s"]),nt("X1K",[["e","es"],["e","ee"],["s"],["se"]],[],["s"]),nt("X1N",[["e"],["e","ee"],["s"],["se"]],[],[]),nt("X1X1",[["e"],["e","ee","s"],["es","s"],["se"]],[],[]),nt("X1X",[["e"],["e","ee","s","es"],["s"],["se"]],[],[]),nt("X",[["e","es","s","ss"]],[],["s"]),nt("XK1",[["e"],["e","ee","es"],["s","se"]],[],["s"]),nt("XK",[["e","es"],["e","ee"],["s","se"]],[],["s"]),nt("XN",[["e"],["e","ee"],["s","se"]],[],[]),nt("XX1",[["e"],["e","ee","s"],["es","s","se"]],[],[]),nt("XX",[["e"],["e","ee","s","es"],["s","se"]],[],[]);const ot=/^([NKX]|[NKXI]1?[NKX]1?)([a-z][a-z0-9]*(\+[a-z][a-z0-9]*)*)?$/,lt=/^psk([0-9]+)$/;function ct(t){var e,s,i;const h=ot.exec(t);if(null===h)return null;const r=null!==(s=null===(e=h[2])||void 0===e?void 0:e.split("+"))&&void 0!==s?s:[];let n=null!==(i=rt[h[1]])&&void 0!==i?i:null;return n?(r.forEach((t=>n=n&&function(t,e){const s=lt.exec(e);if(null===s)return null;const i=parseInt(s[1],10),h=t.messages;return Object.assign(Object.assign({},t),{messages:0===i?[["psk",...h[0]],...h.slice(1)]:[...h.slice(0,i-1),[...h[i-1],"psk"],...h.slice(i)]})}(n,t))),n&&Object.assign(Object.assign({},n),{name:t})):null}const ut={dh:Y,aead:K,hash:F};const ft={aead:{chacha20poly1305:b},cipher:{chacha20:a},dh:{x25519:X},hash:{blake2s:$,poly1305:l},noise:{algorithms:Z,cipherstate:st,handshake:ht,patterns:Object.freeze({__proto__:null,PATTERNS:rt,isOneWay:at,lookupPattern:ct}),profiles:Object.freeze({__proto__:null,Noise_25519_ChaChaPoly_BLAKE2s:ut}),rekey:tt}};t.AuthenticationFailure=w,t.BLAKE2s=F,t.Bytes=p,t.ChaCha20=r,t.ChaCha20Poly1305_RFC8439=K,t.CipherState=et,t.Handshake=it,t.INTERNALS=ft,t.Noise_25519_ChaChaPoly_BLAKE2s=ut,t.Nonce=J,t.PATTERNS=rt,t.Poly1305=o,t.X25519=Y,t._decrypt=_,t._encrypt=E,t._randomBytes=A,t.isOneWay=at,t.lookupPattern=ct,t.makeHKDF=q,t.makeHMAC=G,t.matchPattern=W,t.randomBytes=M})); |
| { | ||
| "name": "salty-crypto", | ||
| "version": "0.0.5", | ||
| "version": "0.1.0", | ||
| "description": "Noise Protocol Framework, plus X25519/ChaCha20Poly1305/BLAKE2s code, for browser and node.js", | ||
@@ -5,0 +5,0 @@ "author": "Tony Garnock-Jones <tonyg@leastfixedpoint.com>", |
138
src/aead.ts
| /// SPDX-License-Identifier: MIT | ||
| /// SPDX-FileCopyrightText: Copyright © 2023 Tony Garnock-Jones <tonyg@leastfixedpoint.com> | ||
| // RFC-8439 AEAD construction. | ||
| import { Nonce } from './nonce'; | ||
| export const AEAD_CHACHA20_POLY1305_KEYBYTES = 32; | ||
| export const AEAD_CHACHA20_POLY1305_NONCEBYTES = 12; | ||
| export const AEAD_CHACHA20_POLY1305_TAGBYTES = 16; | ||
| export class AuthenticationFailure extends Error {} | ||
| import { chacha20 } from './chacha20'; | ||
| import { Poly1305 } from './poly1305'; | ||
| export interface AEAD { | ||
| readonly NAME: string; | ||
| readonly KEYBYTES: number; | ||
| readonly NONCEBYTES: number; | ||
| readonly TAGBYTES: number; | ||
| const PADDING = new Uint8Array(16); | ||
| encrypt_detached(plaintext: Uint8Array, | ||
| ciphertext: Uint8Array, | ||
| messagelength: number, | ||
| tag: Uint8Array, | ||
| key: DataView, | ||
| nonce: Nonce, | ||
| associated_data?: Uint8Array): void; | ||
| function pad16(p: Poly1305, unpadded_length: number) { | ||
| const leftover = unpadded_length & 15; | ||
| if (leftover !== 0) p.update(PADDING, 0, 16 - leftover); | ||
| } | ||
| encrypt(plaintext: Uint8Array, | ||
| key: DataView, | ||
| nonce: Nonce, | ||
| associated_data?: Uint8Array): Uint8Array; | ||
| function aead_tag(tag: Uint8Array, | ||
| key: DataView, | ||
| nonce: DataView, | ||
| ciphertext: Uint8Array, | ||
| cipherlength: number, | ||
| associated_data?: Uint8Array) | ||
| { | ||
| const mac_key = new Uint8Array(Poly1305.KEYBYTES); | ||
| chacha20(key, nonce, mac_key, mac_key, 0); | ||
| const p = new Poly1305(mac_key); | ||
| decrypt_detached(plaintext: Uint8Array, | ||
| ciphertext: Uint8Array, | ||
| messagelength: number, | ||
| expected_tag: Uint8Array, | ||
| key: DataView, | ||
| nonce: Nonce, | ||
| associated_data?: Uint8Array): boolean; | ||
| if (associated_data !== void 0) { | ||
| p.update(associated_data, 0, associated_data.byteLength); | ||
| pad16(p, associated_data.byteLength); | ||
| } | ||
| p.update(ciphertext, 0, cipherlength); | ||
| pad16(p, cipherlength); | ||
| const L = new Uint8Array(16); | ||
| const Lv = new DataView(L.buffer); | ||
| if (associated_data !== void 0) { | ||
| Lv.setUint32(0, associated_data.byteLength, true); | ||
| } | ||
| Lv.setUint32(8, cipherlength, true); | ||
| p.update(L, 0, L.byteLength); | ||
| p.finish(tag, 0); | ||
| decrypt(ciphertextAndTag: Uint8Array, | ||
| key: DataView, | ||
| nonce: Nonce, | ||
| associated_data?: Uint8Array): Uint8Array; | ||
| } | ||
| export function aead_encrypt_detached( | ||
| plaintext: Uint8Array, | ||
| ciphertext: Uint8Array, | ||
| messagelength: number, | ||
| tag: Uint8Array, | ||
| key: DataView, | ||
| nonce: DataView, | ||
| associated_data?: Uint8Array, | ||
| ): void { | ||
| chacha20(key, nonce, plaintext, ciphertext, 1, messagelength); | ||
| aead_tag(tag, key, nonce, ciphertext, messagelength, associated_data); | ||
| } | ||
| export function aead_encrypt( | ||
| plaintext: Uint8Array, | ||
| key: DataView, | ||
| nonce: DataView, | ||
| associated_data?: Uint8Array, | ||
| ): Uint8Array { | ||
| const ciphertextAndTag = new Uint8Array(plaintext.byteLength + AEAD_CHACHA20_POLY1305_TAGBYTES); | ||
| aead_encrypt_detached(plaintext, | ||
| export function _encrypt(this: AEAD, | ||
| plaintext: Uint8Array, | ||
| key: DataView, | ||
| nonce: Nonce, | ||
| associated_data?: Uint8Array): Uint8Array | ||
| { | ||
| const ciphertextAndTag = new Uint8Array(plaintext.byteLength + this.TAGBYTES); | ||
| this.encrypt_detached(plaintext, | ||
| ciphertextAndTag, | ||
@@ -80,34 +58,10 @@ plaintext.byteLength, | ||
| // `verify` from nacl-fast.js | ||
| function verify(x: Uint8Array, y: Uint8Array, n: number): number { | ||
| let d = 0; | ||
| for (let i = 0; i < n; i++) d |= x[i]^y[i]; | ||
| return (1 & ((d - 1) >>> 8)) - 1; | ||
| } | ||
| export function aead_decrypt_detached(plaintext: Uint8Array, | ||
| ciphertext: Uint8Array, | ||
| messagelength: number, | ||
| expected_tag: Uint8Array, | ||
| key: DataView, | ||
| nonce: DataView, | ||
| associated_data?: Uint8Array): boolean | ||
| export function _decrypt(this: AEAD, | ||
| ciphertextAndTag: Uint8Array, | ||
| key: DataView, | ||
| nonce: Nonce, | ||
| associated_data?: Uint8Array): Uint8Array | ||
| { | ||
| const actual_tag = new Uint8Array(AEAD_CHACHA20_POLY1305_TAGBYTES); | ||
| aead_tag(actual_tag, key, nonce, ciphertext, messagelength, associated_data); | ||
| const ok = verify(actual_tag, expected_tag, actual_tag.byteLength) === 0; | ||
| if (ok) chacha20(key, nonce, ciphertext, plaintext, 1, messagelength); | ||
| return ok; | ||
| } | ||
| export class AuthenticationFailure extends Error {} | ||
| export function aead_decrypt( | ||
| ciphertextAndTag: Uint8Array, | ||
| key: DataView, | ||
| nonce: DataView, | ||
| associated_data?: Uint8Array, | ||
| ): Uint8Array { | ||
| const plaintext = new Uint8Array(ciphertextAndTag.byteLength - AEAD_CHACHA20_POLY1305_TAGBYTES); | ||
| if (!aead_decrypt_detached(plaintext, | ||
| const plaintext = new Uint8Array(ciphertextAndTag.byteLength - this.TAGBYTES); | ||
| if (!this.decrypt_detached(plaintext, | ||
| ciphertextAndTag, | ||
@@ -119,5 +73,7 @@ plaintext.byteLength, | ||
| associated_data)) { | ||
| throw new AuthenticationFailure("ChaCha20Poly1305 AEAD authentication failed"); | ||
| throw new AuthenticationFailure("AEAD authentication failed"); | ||
| } | ||
| return plaintext; | ||
| } | ||
| export { ChaCha20Poly1305_RFC8439 } from './aead/chacha20poly1305'; |
| /// SPDX-License-Identifier: MIT | ||
| /// SPDX-FileCopyrightText: Copyright © 2023 Tony Garnock-Jones <tonyg@leastfixedpoint.com> | ||
| export * as AEAD from './aead'; | ||
| export * as BLAKE2 from './blake2'; | ||
| export * as ChaCha20 from './chacha20'; | ||
| export * as Noise from './noise'; | ||
| export * as Patterns from './patterns'; | ||
| export * as Poly1305 from './poly1305'; | ||
| export * as NoiseProfiles from './profiles'; | ||
| export * as Random from './random'; | ||
| export * as X25519 from './x25519'; | ||
| export * from './aead'; | ||
| export * as Bytes from './bytes'; | ||
| export * from './cipher'; | ||
| export * from './dh'; | ||
| export * from './hash'; | ||
| export * from './hkdf'; | ||
| export * from './hmac'; | ||
| export * from './noise'; | ||
| export * from './nonce'; | ||
| export * from './random'; | ||
| import * as chacha20poly1305 from './aead/chacha20poly1305'; | ||
| import * as chacha20 from './cipher/chacha20'; | ||
| import * as x25519 from './dh/x25519'; | ||
| import * as blake2s from './hash/blake2s'; | ||
| import * as poly1305 from './hash/poly1305'; | ||
| import * as algorithms from './noise/algorithms'; | ||
| import * as cipherstate from './noise/cipherstate'; | ||
| import * as handshake from './noise/handshake'; | ||
| import * as patterns from './noise/patterns'; | ||
| import * as profiles from './noise/profiles'; | ||
| import * as rekey from './noise/rekey'; | ||
| export const INTERNALS = { | ||
| aead: { | ||
| chacha20poly1305, | ||
| }, | ||
| cipher: { | ||
| chacha20, | ||
| }, | ||
| dh: { | ||
| x25519, | ||
| }, | ||
| hash: { | ||
| blake2s, | ||
| poly1305, | ||
| }, | ||
| noise: { | ||
| algorithms, | ||
| cipherstate, | ||
| handshake, | ||
| patterns, | ||
| profiles, | ||
| rekey, | ||
| }, | ||
| }; |
380
src/noise.ts
| /// SPDX-License-Identifier: MIT | ||
| /// SPDX-FileCopyrightText: Copyright © 2023 Tony Garnock-Jones <tonyg@leastfixedpoint.com> | ||
| export type DHKeyPair = { public: Uint8Array, secret: Uint8Array }; | ||
| export class Nonce { | ||
| constructor(public lo = 0, public hi = 0) {} | ||
| increment() { | ||
| const oldLo = this.lo; | ||
| const newLo = (oldLo + 1) | 0; | ||
| this.lo = newLo; | ||
| if (newLo < oldLo) this.hi = (this.hi + 1) | 0; | ||
| } | ||
| reset(lo = 0, hi = 0) { | ||
| this.lo = lo; | ||
| this.hi = hi; | ||
| } | ||
| static get MAX(): Nonce { | ||
| return new Nonce(0xffffffff, 0xffffffff); | ||
| } | ||
| } | ||
| export function bytesXor(a: Uint8Array, b: Uint8Array): Uint8Array { | ||
| const len = Math.min(a.byteLength, b.byteLength); | ||
| const r = new Uint8Array(len); | ||
| for (let i = 0; i < len; i++) r[i] = a[i] ^ b[i]; | ||
| return r; | ||
| } | ||
| export function bytesAppend(a: Uint8Array, b: Uint8Array): Uint8Array { | ||
| const r = new Uint8Array(a.byteLength + b.byteLength); | ||
| r.set(a, 0); | ||
| r.set(b, a.byteLength); | ||
| return r; | ||
| } | ||
| const EMPTY_BYTES = new Uint8Array(0); | ||
| export type HMAC = (key: Uint8Array, data: Uint8Array) => Uint8Array; | ||
| function makeHMAC(algorithms: NoiseProtocolAlgorithms): HMAC { | ||
| const HMAC_IPAD = new Uint8Array(algorithms.hashBlocklen()); HMAC_IPAD.fill(0x36); | ||
| const HMAC_OPAD = new Uint8Array(algorithms.hashBlocklen()); HMAC_OPAD.fill(0x5c); | ||
| return (key0, data) => { | ||
| const key = algorithms._padOrHash(key0, algorithms.hashBlocklen()); | ||
| return algorithms.hash(bytesAppend(bytesXor(key, HMAC_OPAD), | ||
| algorithms.hash(bytesAppend(bytesXor(key, HMAC_IPAD), | ||
| data)))); | ||
| }; | ||
| } | ||
| export abstract class NoiseProtocolAlgorithms { | ||
| readonly dhlen: number; | ||
| readonly hmac: HMAC; | ||
| constructor (hmac?: HMAC) { | ||
| const tmp = this.generateKeypair(); | ||
| this.dhlen = this.dh(tmp, tmp.public).byteLength; | ||
| this.hmac = hmac ?? makeHMAC(this); | ||
| } | ||
| abstract dhName(): string; | ||
| abstract generateKeypair(): DHKeyPair; | ||
| abstract dh(kp: DHKeyPair, pk: Uint8Array): Uint8Array; | ||
| abstract cipherName(): string; | ||
| abstract encrypt(key: DataView, nonce: Nonce, p: Uint8Array, associated_data?: Uint8Array): Uint8Array; | ||
| abstract decrypt(key: DataView, nonce: Nonce, c: Uint8Array, associated_data?: Uint8Array): Uint8Array; | ||
| abstract hashName(): string; | ||
| abstract hash(data: Uint8Array): Uint8Array; | ||
| abstract hashBlocklen(): number; | ||
| rekey(k: DataView): DataView { | ||
| return new DataView(this.encrypt(k, Nonce.MAX, new Uint8Array(32)).buffer); | ||
| } | ||
| _padOrHash(bs0: Uint8Array, len: number): Uint8Array { | ||
| const bs = bs0.byteLength > len ? this.hash(bs0) : bs0; | ||
| return bytesAppend(bs, new Uint8Array(len - bs.byteLength)); | ||
| } | ||
| hkdf(chainingKey: Uint8Array, input: Uint8Array, numOutputs: 2): [Uint8Array, Uint8Array]; | ||
| hkdf(chainingKey: Uint8Array, input: Uint8Array, numOutputs: 3): [Uint8Array, Uint8Array, Uint8Array]; | ||
| hkdf(chainingKey: Uint8Array, input: Uint8Array, numOutputs: 2 | 3): Uint8Array[] { | ||
| const tempKey = this.hmac(chainingKey, input); | ||
| const o1 = this.hmac(tempKey, Uint8Array.from([1])); | ||
| const o2 = this.hmac(tempKey, bytesAppend(o1, Uint8Array.from([2]))); | ||
| switch (numOutputs) { | ||
| case 2: return [o1, o2]; | ||
| case 3: return [o1, o2, this.hmac(tempKey, bytesAppend(o2, Uint8Array.from([3])))]; | ||
| } | ||
| } | ||
| matchingPattern(protocol_name: string): string | null { | ||
| const r = new RegExp(`^Noise_([A-Za-z0-9+]+)_${this.dhName()}_${this.cipherName()}_${this.hashName()}$`); | ||
| const m = r.exec(protocol_name); | ||
| if (m === null) return null; | ||
| return m[1]; | ||
| } | ||
| } | ||
| export interface HandshakePattern { | ||
| name: string; // e.g. "NNpsk2" | ||
| baseName: string; // e.g. "NN" | ||
| messages: Token[][]; | ||
| initiatorPreMessage: PreMessage; | ||
| responderPreMessage: PreMessage; | ||
| } | ||
| export class CipherState { | ||
| view: DataView | null = null; | ||
| nonce = new Nonce(); | ||
| constructor (public algorithms: NoiseProtocolAlgorithms, | ||
| key?: Uint8Array) | ||
| { | ||
| if (key !== void 0) this.view = new DataView(key.buffer); | ||
| } | ||
| encrypt(plaintext: Uint8Array, associated_data?: Uint8Array): Uint8Array { | ||
| if (this.view === null) return plaintext; | ||
| const ciphertext = this.algorithms.encrypt(this.view, this.nonce, plaintext, associated_data); | ||
| this.nonce.increment(); | ||
| return ciphertext; | ||
| } | ||
| decrypt(ciphertext: Uint8Array, associated_data?: Uint8Array): Uint8Array { | ||
| if (this.view === null) return ciphertext; | ||
| const plaintext = this.algorithms.decrypt(this.view, this.nonce, ciphertext, associated_data); | ||
| this.nonce.increment(); | ||
| return plaintext; | ||
| } | ||
| rekey() { | ||
| if (this.view === null) return; | ||
| this.view = this.algorithms.rekey(this.view); | ||
| } | ||
| } | ||
| export type Role = 'initiator' | 'responder'; | ||
| export type NoiseProtocolOptions = { | ||
| prologue?: Uint8Array, | ||
| staticKeypair?: DHKeyPair, | ||
| remoteStaticPublicKey?: Uint8Array, | ||
| pregeneratedEphemeralKeypair?: DHKeyPair, | ||
| remotePregeneratedEphemeralPublicKey?: Uint8Array, | ||
| preSharedKeys?: Uint8Array[], | ||
| }; | ||
| export type KeyTransferToken = 'e' | 's'; | ||
| export type KeyMixToken = 'ee' | 'es' | 'se' | 'ss' | 'psk'; | ||
| export type Token = KeyTransferToken | KeyMixToken; | ||
| export type PreMessage = ['e'] | ['s'] | ['e', 's'] | []; | ||
| export type TransportState = { send: CipherState, recv: CipherState }; | ||
| export class NoiseHandshake { | ||
| staticKeypair: DHKeyPair; | ||
| remoteStaticPublicKey: Uint8Array | null; | ||
| ephemeralKeypair: DHKeyPair; | ||
| remoteEphemeralPublicKey: Uint8Array | null; | ||
| preSharedKeys?: Uint8Array[]; | ||
| stepIndex = 0; | ||
| cipherState: CipherState; | ||
| chainingKey: Uint8Array; | ||
| handshakeHash: Uint8Array; | ||
| constructor (public algorithms: NoiseProtocolAlgorithms, | ||
| public pattern: HandshakePattern, | ||
| public role: Role, | ||
| options: NoiseProtocolOptions = {}) | ||
| { | ||
| this.staticKeypair = options.staticKeypair ?? this.algorithms.generateKeypair(); | ||
| this.remoteStaticPublicKey = options.remoteStaticPublicKey ?? null; | ||
| this.ephemeralKeypair = options.pregeneratedEphemeralKeypair ?? this.algorithms.generateKeypair(); | ||
| this.remoteEphemeralPublicKey = options.remotePregeneratedEphemeralPublicKey ?? null; | ||
| this.preSharedKeys = options.preSharedKeys; | ||
| if (this.preSharedKeys) { | ||
| this.preSharedKeys = this.preSharedKeys.slice(); | ||
| if (this.preSharedKeys.length === 0) this.preSharedKeys = void 0; | ||
| } | ||
| const protocolName = new TextEncoder().encode( | ||
| 'Noise_' + this.pattern.name + | ||
| '_' + this.algorithms.dhName() + | ||
| '_' + this.algorithms.cipherName() + | ||
| '_' + this.algorithms.hashName()); | ||
| this.cipherState = new CipherState(this.algorithms); | ||
| this.chainingKey = this.algorithms._padOrHash( | ||
| protocolName, | ||
| this.algorithms.hash(EMPTY_BYTES).byteLength); | ||
| this.handshakeHash = this.chainingKey; | ||
| this.mixHash(options.prologue ?? EMPTY_BYTES); | ||
| this.pattern.initiatorPreMessage.forEach(t => this.mixHash(t === 'e' | ||
| ? (this.isInitiator ? this.ephemeralKeypair.public : this.remoteEphemeralPublicKey!) | ||
| : (this.isInitiator ? this.staticKeypair.public : this.remoteStaticPublicKey!))); | ||
| this.pattern.responderPreMessage.forEach(t => this.mixHash(t === 'e' | ||
| ? (!this.isInitiator ? this.ephemeralKeypair.public : this.remoteEphemeralPublicKey!) | ||
| : (!this.isInitiator ? this.staticKeypair.public : this.remoteStaticPublicKey!))); | ||
| } | ||
| get isInitiator(): boolean { | ||
| return this.role === 'initiator'; | ||
| } | ||
| mixHash(data: Uint8Array) { | ||
| this.handshakeHash = this.algorithms.hash(bytesAppend(this.handshakeHash, data)); | ||
| } | ||
| mixKey(input: Uint8Array) { | ||
| const [newCk, k] = this.algorithms.hkdf(this.chainingKey, input, 2); | ||
| this.chainingKey = newCk; | ||
| this.cipherState = new CipherState(this.algorithms, k); | ||
| } | ||
| mixKeyAndHashNextPSK() { | ||
| const psk = this.preSharedKeys!.shift()!; | ||
| const [newCk, tempH, k] = this.algorithms.hkdf(this.chainingKey, psk, 3); | ||
| this.chainingKey = newCk; | ||
| this.mixHash(tempH); | ||
| this.cipherState = new CipherState(this.algorithms, k); | ||
| } | ||
| encryptAndHash(p: Uint8Array) { | ||
| const c = this.cipherState.encrypt(p, this.handshakeHash); | ||
| this.mixHash(c); | ||
| return c; | ||
| } | ||
| decryptAndHash(c: Uint8Array) { | ||
| const p = this.cipherState.decrypt(c, this.handshakeHash); | ||
| this.mixHash(c); | ||
| return p; | ||
| } | ||
| _split(): TransportState | null { | ||
| if (this.stepIndex < this.pattern.messages.length) { | ||
| return null; | ||
| } else { | ||
| let [kI, kR] = this.algorithms.hkdf(this.chainingKey, EMPTY_BYTES, 2) | ||
| .map(k => new CipherState(this.algorithms, k)); | ||
| return this.isInitiator ? { send: kI, recv: kR } : { send: kR, recv: kI }; | ||
| } | ||
| } | ||
| _nextStep(): Token[] { | ||
| if (this.stepIndex >= this.pattern.messages.length) { | ||
| throw new Error("Handshake already complete, cannot continue"); | ||
| } | ||
| return this.pattern.messages[this.stepIndex++]; | ||
| } | ||
| _processKeyMixToken(t: KeyMixToken) { | ||
| switch (t) { | ||
| case 'ee': | ||
| this.mixKey(this.algorithms.dh(this.ephemeralKeypair, this.remoteEphemeralPublicKey!)); | ||
| break; | ||
| case 'es': | ||
| this.mixKey(this.isInitiator | ||
| ? this.algorithms.dh(this.ephemeralKeypair, this.remoteStaticPublicKey!) | ||
| : this.algorithms.dh(this.staticKeypair, this.remoteEphemeralPublicKey!)); | ||
| break; | ||
| case 'se': | ||
| this.mixKey(!this.isInitiator | ||
| ? this.algorithms.dh(this.ephemeralKeypair, this.remoteStaticPublicKey!) | ||
| : this.algorithms.dh(this.staticKeypair, this.remoteEphemeralPublicKey!)); | ||
| break; | ||
| case 'ss': | ||
| this.mixKey(this.algorithms.dh(this.staticKeypair, this.remoteStaticPublicKey!)); | ||
| break; | ||
| case 'psk': | ||
| this.mixKeyAndHashNextPSK(); | ||
| break; | ||
| } | ||
| } | ||
| writeMessage(payload: Uint8Array): { packet: Uint8Array, finished: TransportState | null } { | ||
| const pieces = []; | ||
| this._nextStep().forEach(t => { | ||
| switch (t) { | ||
| case 'e': | ||
| pieces.push(this.ephemeralKeypair.public); | ||
| this.mixHash(this.ephemeralKeypair.public); | ||
| if (this.preSharedKeys) this.mixKey(this.ephemeralKeypair.public); | ||
| break; | ||
| case 's': | ||
| pieces.push(this.encryptAndHash(this.staticKeypair.public)); | ||
| break; | ||
| default: | ||
| this._processKeyMixToken(t); | ||
| break; | ||
| } | ||
| }); | ||
| pieces.push(this.encryptAndHash(payload)); | ||
| let packet: Uint8Array; | ||
| if (pieces.length === 1) { | ||
| packet = pieces[0]; | ||
| } else { | ||
| packet = new Uint8Array(pieces.reduce((ac, p) => ac + p.byteLength, 0)); | ||
| let offset = 0; | ||
| pieces.forEach(p => { packet.set(p, offset); offset += p.byteLength; }); | ||
| } | ||
| return { packet, finished: this._split() }; | ||
| } | ||
| readMessage(packet: Uint8Array): { message: Uint8Array, finished: TransportState | null } { | ||
| const take = (n: number): Uint8Array => { | ||
| const bs = packet.slice(0, n); | ||
| packet = packet.subarray(n); | ||
| return bs; | ||
| }; | ||
| this._nextStep().forEach(t => { | ||
| switch (t) { | ||
| case 'e': | ||
| this.remoteEphemeralPublicKey = take(this.algorithms.dhlen); | ||
| this.mixHash(this.remoteEphemeralPublicKey); | ||
| if (this.preSharedKeys) this.mixKey(this.remoteEphemeralPublicKey); | ||
| break; | ||
| case 's': | ||
| this.remoteStaticPublicKey = this.decryptAndHash(take( | ||
| this.algorithms.dhlen + (this.cipherState.view ? 16 : 0))); | ||
| break; | ||
| default: | ||
| this._processKeyMixToken(t); | ||
| break; | ||
| } | ||
| }); | ||
| const message = this.decryptAndHash(packet); | ||
| return { message, finished: this._split() }; | ||
| } | ||
| async completeHandshake(writePacket: (packet: Uint8Array) => Promise<void>, | ||
| readPacket: () => Promise<Uint8Array>, | ||
| handleMessage = async (_m: Uint8Array): Promise<void> => {}, | ||
| produceMessage = async (): Promise<Uint8Array> => new Uint8Array(0)) | ||
| : Promise<TransportState> | ||
| { | ||
| const W = async (): Promise<TransportState> => { | ||
| const { packet, finished } = this.writeMessage(await produceMessage()); | ||
| await writePacket(packet); | ||
| return finished || R(); | ||
| }; | ||
| const R = async (): Promise<TransportState> => { | ||
| const { message, finished } = this.readMessage(await readPacket()); | ||
| await handleMessage(message); | ||
| return finished || W(); | ||
| }; | ||
| return (this.isInitiator ? W() : R()); | ||
| } | ||
| } | ||
| export { Algorithms, matchPattern } from './noise/algorithms'; | ||
| export { CipherState } from './noise/cipherstate'; | ||
| export { Role, HandshakeOptions, TransportState, Handshake } from './noise/handshake'; | ||
| export { | ||
| HandshakePattern, | ||
| KeyMixToken, | ||
| KeyTransferToken, | ||
| PATTERNS, | ||
| PreMessage, | ||
| Token, | ||
| isOneWay, | ||
| lookupPattern, | ||
| } from './noise/patterns'; | ||
| export { Noise_25519_ChaChaPoly_BLAKE2s } from './noise/profiles'; | ||
| export { Rekey } from './noise/rekey'; |
@@ -1,3 +0,2 @@ | ||
| import { AEAD } from '../../dist/salty-crypto.js'; | ||
| const { AEAD_CHACHA20_POLY1305_TAGBYTES, aead_encrypt_detached, aead_decrypt_detached } = AEAD; | ||
| import { ChaCha20Poly1305_RFC8439, Nonce } from '../../dist/salty-crypto.js'; | ||
| import { it, expect } from '../harness'; | ||
@@ -21,6 +20,3 @@ | ||
| const nonce = new DataView(new Uint8Array([ | ||
| 0x07, 0x00, 0x00, 0x00, | ||
| 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, | ||
| ]).buffer); | ||
| const nonce = new Nonce(0x43424140, 0x47464544, 0x7); | ||
@@ -38,4 +34,5 @@ const expectedEncrypted = new Uint8Array([ | ||
| const tag = new Uint8Array(AEAD_CHACHA20_POLY1305_TAGBYTES); | ||
| aead_encrypt_detached(sunscreen, sunscreen, sunscreen.byteLength, tag, key, nonce, associated_data); | ||
| const tag = new Uint8Array(ChaCha20Poly1305_RFC8439.TAGBYTES); | ||
| ChaCha20Poly1305_RFC8439.encrypt_detached( | ||
| sunscreen, sunscreen, sunscreen.byteLength, tag, key, nonce, associated_data); | ||
| expect(sunscreen).toEqual(expectedEncrypted); | ||
@@ -48,8 +45,11 @@ expect(tag).toEqual(new Uint8Array([ | ||
| const sunscreen2 = Uint8Array.from(sunscreen); | ||
| expect(aead_decrypt_detached(sunscreen2, sunscreen2, sunscreen2.byteLength, tag, key, nonce, associated_data)).toBe(true); | ||
| expect(ChaCha20Poly1305_RFC8439.decrypt_detached( | ||
| sunscreen2, sunscreen2, sunscreen2.byteLength, tag, key, nonce, associated_data)) | ||
| .toBe(true); | ||
| expect(new TextDecoder().decode(sunscreen2)).toBe(sunscreen_str); | ||
| tag[0]++; | ||
| expect(aead_decrypt_detached(sunscreen, sunscreen, sunscreen.byteLength, tag, key, nonce, associated_data)).toBe(false); | ||
| expect(ChaCha20Poly1305_RFC8439.decrypt_detached( | ||
| sunscreen, sunscreen, sunscreen.byteLength, tag, key, nonce, associated_data)).toBe(false); | ||
| expect(sunscreen).toEqual(expectedEncrypted); | ||
| }); |
@@ -1,3 +0,2 @@ | ||
| import { BLAKE2 } from '../../dist/salty-crypto.js'; | ||
| const { BLAKE2s } = BLAKE2; | ||
| import { BLAKE2s } from '../../dist/salty-crypto.js'; | ||
| import { it, expect } from '../harness'; | ||
@@ -31,4 +30,4 @@ | ||
| const input = seq(inlen, inlen); | ||
| ctx.update(BLAKE2s.digest(input, outlen)); | ||
| ctx.update(BLAKE2s.digest(input, outlen, seq(outlen, outlen))); | ||
| ctx.update(BLAKE2s.digest(input, void 0, outlen)); | ||
| ctx.update(BLAKE2s.digest(input, seq(outlen, outlen), outlen)); | ||
| }); | ||
@@ -35,0 +34,0 @@ }); |
@@ -1,2 +0,3 @@ | ||
| import { ChaCha20 as ChaCha } from '../../dist/salty-crypto.js'; | ||
| import { ChaCha20, INTERNALS, Nonce } from '../../dist/salty-crypto.js'; | ||
| const { chacha20_quarter_round, chacha20_block } = INTERNALS.cipher.chacha20; | ||
| import { it, expect } from '../harness'; | ||
@@ -10,3 +11,3 @@ | ||
| s[3] = 0x01234567; | ||
| ChaCha.chacha20_quarter_round(s, 0, 1, 2, 3); | ||
| chacha20_quarter_round(s, 0, 1, 2, 3); | ||
| expect(Array.from(s)).toEqual([0xea2a92f4, 0xcb1cf8ce, 0x4581472e, 0x5881c4bb]); | ||
@@ -22,3 +23,3 @@ }); | ||
| ]); | ||
| ChaCha.chacha20_quarter_round(s, 2, 7, 8, 13); | ||
| chacha20_quarter_round(s, 2, 7, 8, 13); | ||
| expect(s).toEqual(Uint32Array.from([ | ||
@@ -33,7 +34,7 @@ 0x879531e0, 0xc5ecf37d, 0xbdb886dc, 0xc9a62f8a, | ||
| it('chacha20_block', () => { | ||
| const key8 = new Uint8Array(ChaCha.CHACHA20_KEYBYTES); | ||
| const key8 = new Uint8Array(ChaCha20.KEYBYTES); | ||
| for (let i = 0; i < key8.length; i++) key8[i] = i; | ||
| const key = new DataView(key8.buffer); | ||
| const nonce8 = new Uint8Array(ChaCha.CHACHA20_NONCEBYTES); | ||
| const nonce8 = new Uint8Array(ChaCha20.NONCEBYTES); | ||
| nonce8[3] = 0x09; | ||
@@ -45,3 +46,3 @@ nonce8[7] = 0x4a; | ||
| const output = ChaCha.chacha20_block(key, block, nonce); | ||
| const output = chacha20_block(key, block, nonce); | ||
| expect(output).toEqual(Uint32Array.from([ | ||
@@ -56,9 +57,7 @@ 0xe4e7f110, 0x15593bd1, 0x1fdd0f50, 0xc47120a3, | ||
| it('chacha20', () => { | ||
| const key8 = new Uint8Array(ChaCha.CHACHA20_KEYBYTES); | ||
| const key8 = new Uint8Array(ChaCha20.KEYBYTES); | ||
| for (let i = 0; i < key8.length; i++) key8[i] = i; | ||
| const key = new DataView(key8.buffer); | ||
| const nonce8 = new Uint8Array(ChaCha.CHACHA20_NONCEBYTES); | ||
| nonce8[7] = 0x4a; | ||
| const nonce = new DataView(nonce8.buffer); | ||
| const nonce = new Nonce(0x4a000000, 0, 0); | ||
@@ -71,3 +70,3 @@ const initial_counter = 1; | ||
| ChaCha.chacha20(key, nonce, sunscreen, output, initial_counter); | ||
| ChaCha20.stream_xor(key, nonce, sunscreen, output, initial_counter); | ||
| expect(output).toEqual(Uint8Array.from([ | ||
@@ -85,4 +84,4 @@ 0x6e, 0x2e, 0x35, 0x9a, 0x25, 0x68, 0xf9, 0x80, 0x41, 0xba, 0x07, 0x28, 0xdd, 0x0d, 0x69, 0x81, | ||
| // Test in-place encryption | ||
| ChaCha.chacha20(key, nonce, sunscreen, sunscreen, initial_counter); | ||
| ChaCha20.stream_xor(key, nonce, sunscreen, sunscreen, initial_counter); | ||
| expect(sunscreen).toEqual(output); | ||
| }); |
@@ -1,14 +0,12 @@ | ||
| import { Noise, Patterns, NoiseProfiles, X25519 } from '../../dist/salty-crypto.js'; | ||
| type DHKeyPair = Noise.DHKeyPair; | ||
| type TransportState = Noise.TransportState; | ||
| type NoiseProtocolAlgorithms = Noise.NoiseProtocolAlgorithms; | ||
| const { NoiseHandshake } = Noise; | ||
| const { isOneWay, lookupPattern } = Patterns; | ||
| const { Noise_25519_ChaChaPoly_BLAKE2s } = NoiseProfiles; | ||
| const { scalarMultBase } = X25519; | ||
| import { | ||
| Algorithms, | ||
| DHKeyPair, | ||
| Handshake, | ||
| INTERNALS, | ||
| Noise_25519_ChaChaPoly_BLAKE2s, | ||
| TransportState, | ||
| isOneWay, | ||
| lookupPattern, | ||
| matchPattern, | ||
| } from '../../dist/salty-crypto.js'; | ||
| import { describe, it, expect } from '../harness'; | ||
@@ -78,3 +76,3 @@ | ||
| return { | ||
| public: scalarMultBase(sk), | ||
| public: INTERNALS.dh.x25519.scalarMultBase(sk), | ||
| secret: sk, | ||
@@ -86,5 +84,5 @@ }; | ||
| async function testsuite_test(t: Test, algorithms: NoiseProtocolAlgorithms) { | ||
| async function testsuite_test(t: Test, algorithms: Algorithms) { | ||
| const isOld = 'name' in t; | ||
| const patternName = algorithms.matchingPattern(isOld ? t.name : t.protocol_name); | ||
| const patternName = matchPattern(algorithms, isOld ? t.name : t.protocol_name); | ||
| if (!patternName) return; | ||
@@ -96,3 +94,3 @@ const pattern = lookupPattern(patternName); | ||
| await it(pattern.name, async () => { | ||
| const I = new NoiseHandshake(algorithms, pattern, 'initiator', { | ||
| const I = new Handshake(algorithms, pattern, 'initiator', { | ||
| prologue: unhex(t.init_prologue), | ||
@@ -104,3 +102,3 @@ staticKeypair: skToKeypair(unhex(t.init_static)), | ||
| }); | ||
| const R = new NoiseHandshake(algorithms, pattern, 'responder', { | ||
| const R = new Handshake(algorithms, pattern, 'responder', { | ||
| prologue: unhex(t.resp_prologue), | ||
@@ -144,3 +142,3 @@ staticKeypair: skToKeypair(unhex(t.resp_static)), | ||
| (async () => { | ||
| const algorithms = new Noise_25519_ChaChaPoly_BLAKE2s(); | ||
| const algorithms = Noise_25519_ChaChaPoly_BLAKE2s; | ||
| const load = (n: string) => JSON.parse(fs.readFileSync(path.join('test-vectors', n), 'utf-8')); | ||
@@ -147,0 +145,0 @@ |
@@ -1,3 +0,2 @@ | ||
| import { Poly1305 as P } from '../../dist/salty-crypto.js'; | ||
| const { Poly1305 } = P; | ||
| import { Poly1305 } from '../../dist/salty-crypto.js'; | ||
@@ -14,3 +13,3 @@ import { it, expect } from '../harness'; | ||
| const message = new TextEncoder().encode("Cryptographic Forum Research Group"); | ||
| expect(Poly1305.digest(key, message)).toEqual(Uint8Array.from([ | ||
| expect(Poly1305.digest(message, key)).toEqual(Uint8Array.from([ | ||
| 0xa8, 0x06, 0x1d, 0xc1, 0x30, 0x51, 0x36, 0xc6, | ||
@@ -17,0 +16,0 @@ 0xc2, 0x2b, 0x8b, 0xaf, 0x0c, 0x01, 0x27, 0xa9, |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.38%
1725003
- Number of package files
- increased by48.15%
40
- Lines of code
- increased by9.44%
2702
Worsened metrics
- Number of medium supply chain risk alerts
- increased byInfinity%
1
No dependency changes