Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
salty-crypto
Advanced tools
salty-crypto - npm Package Compare versions
Comparing version 0.1.1 to 0.1.2
@@ -267,3 +267,2 @@ declare class Nonce { | ||
| algorithms: Algorithms; | ||
| pattern: HandshakePattern; | ||
| role: Role; | ||
@@ -280,3 +279,4 @@ staticKeypair: DHKeyPair; | ||
| hkdf: HKDF; | ||
| constructor(algorithms: Algorithms, pattern: HandshakePattern, role: Role, options?: HandshakeOptions); | ||
| pattern: HandshakePattern; | ||
| constructor(algorithms: Algorithms, pattern: HandshakePattern | string, role: Role, options?: HandshakeOptions); | ||
| get isInitiator(): boolean; | ||
@@ -283,0 +283,0 @@ mixHash(data: Uint8Array): void; |
@@ -1,1 +0,1 @@ | ||
| !function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports):"function"==typeof define&&define.amd?define(["exports"],e):e((t="undefined"!=typeof globalThis?globalThis:t||self).SaltyCrypto={})}(this,(function(t){"use strict";function e(t,e){return t<<e|t>>>32-e}function s(t,s,i,h,r){t[s]+=t[i],t[r]^=t[s],t[r]=e(t[r],16),t[h]+=t[r],t[i]^=t[h],t[i]=e(t[i],12),t[s]+=t[i],t[r]^=t[s],t[r]=e(t[r],8),t[h]+=t[r],t[i]^=t[h],t[i]=e(t[i],7)}function i(t,e,s,i){t[0]+=1634760805,t[1]+=857760878,t[2]+=2036477234,t[3]+=1797285236,t[4]+=e.getUint32(0,!0),t[5]+=e.getUint32(4,!0),t[6]+=e.getUint32(8,!0),t[7]+=e.getUint32(12,!0),t[8]+=e.getUint32(16,!0),t[9]+=e.getUint32(20,!0),t[10]+=e.getUint32(24,!0),t[11]+=e.getUint32(28,!0),t[12]+=s,t[13]+=i.getUint32(0,!0),t[14]+=i.getUint32(4,!0),t[15]+=i.getUint32(8,!0)}function h(t,e,h){const r=new Uint32Array(16);i(r,t,e,h);for(let t=0;t<20;t+=2)s(r,0,4,8,12),s(r,1,5,9,13),s(r,2,6,10,14),s(r,3,7,11,15),s(r,0,5,10,15),s(r,1,6,11,12),s(r,2,7,8,13),s(r,3,4,9,14);return i(r,t,e,h),r}const r={NAME:"chacha20",KEYBYTES:32,NONCEBYTES:12,BLOCKBYTES:64,stream_xor(t,e,s,i,n=0,a=s.byteLength){const o=function(t){const e=new DataView(new ArrayBuffer(r.NONCEBYTES));return e.setUint32(0,t.extra,!0),e.setUint32(4,t.lo,!0),e.setUint32(8,t.hi,!0),e}(e),l=a>>6,c=63&a;for(let e=0;e<l;e++){const r=h(t,n+e,o);for(let t=0;t<64;t++)i[(e<<6)+t]=s[(e<<6)+t]^r[t>>2]>>((3&t)<<3)}if(0!==c){const e=h(t,n+l,o);for(let t=0;t<c;t++)i[(l<<6)+t]=s[(l<<6)+t]^e[t>>2]>>((3&t)<<3)}}};var n,a=Object.freeze({__proto__:null,ChaCha20:r,chacha20_block:h,chacha20_quarter_round:s});const o=(n=class t{static digest(e,s,i){const h=new t(s,i);return h.update(e),h.final()}constructor(e,s){if(this.buffer=new Uint8Array(16),this.r=new Uint16Array(10),this.h=new Uint16Array(10),this.pad=new Uint16Array(8),this.leftover=0,this.fin=0,!e)throw new Error("Poly1305: key required");if((null!=s?s:t.OUTBYTES)!==t.OUTBYTES)throw new Error("Poly1305: outlen != OUTBYTES");const i=255&e[0]|(255&e[1])<<8;this.r[0]=8191&i;const h=255&e[2]|(255&e[3])<<8;this.r[1]=8191&(i>>>13|h<<3);const r=255&e[4]|(255&e[5])<<8;this.r[2]=7939&(h>>>10|r<<6);const n=255&e[6]|(255&e[7])<<8;this.r[3]=8191&(r>>>7|n<<9);const a=255&e[8]|(255&e[9])<<8;this.r[4]=255&(n>>>4|a<<12),this.r[5]=a>>>1&8190;const o=255&e[10]|(255&e[11])<<8;this.r[6]=8191&(a>>>14|o<<2);const l=255&e[12]|(255&e[13])<<8;this.r[7]=8065&(o>>>11|l<<5);const c=255&e[14]|(255&e[15])<<8;this.r[8]=8191&(l>>>8|c<<8),this.r[9]=c>>>5&127,this.pad[0]=255&e[16]|(255&e[17])<<8,this.pad[1]=255&e[18]|(255&e[19])<<8,this.pad[2]=255&e[20]|(255&e[21])<<8,this.pad[3]=255&e[22]|(255&e[23])<<8,this.pad[4]=255&e[24]|(255&e[25])<<8,this.pad[5]=255&e[26]|(255&e[27])<<8,this.pad[6]=255&e[28]|(255&e[29])<<8,this.pad[7]=255&e[30]|(255&e[31])<<8}blocks(t,e,s){const i=this.fin?0:2048;let h=this.h[0],r=this.h[1],n=this.h[2],a=this.h[3],o=this.h[4],l=this.h[5],c=this.h[6],u=this.h[7],f=this.h[8],y=this.h[9],p=this.r[0],d=this.r[1],m=this.r[2],g=this.r[3],K=this.r[4],b=this.r[5],w=this.r[6],E=this.r[7],_=this.r[8],A=this.r[9];for(;s>=16;){const M=255&t[e+0]|(255&t[e+1])<<8;h+=8191&M;const U=255&t[e+2]|(255&t[e+3])<<8;r+=8191&(M>>>13|U<<3);const v=255&t[e+4]|(255&t[e+5])<<8;n+=8191&(U>>>10|v<<6);const S=255&t[e+6]|(255&t[e+7])<<8;a+=8191&(v>>>7|S<<9);const N=255&t[e+8]|(255&t[e+9])<<8;o+=8191&(S>>>4|N<<12),l+=N>>>1&8191;const L=255&t[e+10]|(255&t[e+11])<<8;c+=8191&(N>>>14|L<<2);const k=255&t[e+12]|(255&t[e+13])<<8;u+=8191&(L>>>11|k<<5);const x=255&t[e+14]|(255&t[e+15])<<8;f+=8191&(k>>>8|x<<8),y+=x>>>5|i;let T=0,B=T;B+=h*p,B+=r*(5*A),B+=n*(5*_),B+=a*(5*E),B+=o*(5*w),T=B>>>13,B&=8191,B+=l*(5*b),B+=c*(5*K),B+=u*(5*g),B+=f*(5*m),B+=y*(5*d),T+=B>>>13,B&=8191;let P=T;P+=h*d,P+=r*p,P+=n*(5*A),P+=a*(5*_),P+=o*(5*E),T=P>>>13,P&=8191,P+=l*(5*w),P+=c*(5*b),P+=u*(5*K),P+=f*(5*g),P+=y*(5*m),T+=P>>>13,P&=8191;let O=T;O+=h*m,O+=r*d,O+=n*p,O+=a*(5*A),O+=o*(5*_),T=O>>>13,O&=8191,O+=l*(5*E),O+=c*(5*w),O+=u*(5*b),O+=f*(5*K),O+=y*(5*g),T+=O>>>13,O&=8191;let C=T;C+=h*g,C+=r*m,C+=n*d,C+=a*p,C+=o*(5*A),T=C>>>13,C&=8191,C+=l*(5*_),C+=c*(5*E),C+=u*(5*w),C+=f*(5*b),C+=y*(5*K),T+=C>>>13,C&=8191;let H=T;H+=h*K,H+=r*g,H+=n*m,H+=a*d,H+=o*p,T=H>>>13,H&=8191,H+=l*(5*A),H+=c*(5*_),H+=u*(5*E),H+=f*(5*w),H+=y*(5*b),T+=H>>>13,H&=8191;let X=T;X+=h*b,X+=r*K,X+=n*g,X+=a*m,X+=o*d,T=X>>>13,X&=8191,X+=l*p,X+=c*(5*A),X+=u*(5*_),X+=f*(5*E),X+=y*(5*w),T+=X>>>13,X&=8191;let Y=T;Y+=h*w,Y+=r*b,Y+=n*K,Y+=a*g,Y+=o*m,T=Y>>>13,Y&=8191,Y+=l*d,Y+=c*p,Y+=u*(5*A),Y+=f*(5*_),Y+=y*(5*E),T+=Y>>>13,Y&=8191;let I=T;I+=h*E,I+=r*w,I+=n*b,I+=a*K,I+=o*g,T=I>>>13,I&=8191,I+=l*m,I+=c*d,I+=u*p,I+=f*(5*A),I+=y*(5*_),T+=I>>>13,I&=8191;let z=T;z+=h*_,z+=r*E,z+=n*w,z+=a*b,z+=o*K,T=z>>>13,z&=8191,z+=l*g,z+=c*m,z+=u*d,z+=f*p,z+=y*(5*A),T+=z>>>13,z&=8191;let j=T;j+=h*A,j+=r*_,j+=n*E,j+=a*w,j+=o*b,T=j>>>13,j&=8191,j+=l*K,j+=c*g,j+=u*m,j+=f*d,j+=y*p,T+=j>>>13,j&=8191,T=(T<<2)+T|0,T=T+B|0,B=8191&T,T>>>=13,P+=T,h=B,r=P,n=O,a=C,o=H,l=X,c=Y,u=I,f=z,y=j,e+=16,s-=16}this.h[0]=h,this.h[1]=r,this.h[2]=n,this.h[3]=a,this.h[4]=o,this.h[5]=l,this.h[6]=c,this.h[7]=u,this.h[8]=f,this.h[9]=y}final(e){if(e||(e=new Uint8Array(t.OUTBYTES)),this.leftover){let t=this.leftover;for(this.buffer[t++]=1;t<16;t++)this.buffer[t]=0;this.fin=1,this.blocks(this.buffer,0,16)}let s=this.h[1]>>>13;this.h[1]&=8191;for(let t=2;t<10;t++)this.h[t]+=s,s=this.h[t]>>>13,this.h[t]&=8191;this.h[0]+=5*s,s=this.h[0]>>>13,this.h[0]&=8191,this.h[1]+=s,s=this.h[1]>>>13,this.h[1]&=8191,this.h[2]+=s;const i=new Uint16Array(10);i[0]=this.h[0]+5,s=i[0]>>>13,i[0]&=8191;for(let t=1;t<10;t++)i[t]=this.h[t]+s,s=i[t]>>>13,i[t]&=8191;i[9]-=8192;let h=(1^s)-1;for(let t=0;t<10;t++)i[t]&=h;h=~h;for(let t=0;t<10;t++)this.h[t]=this.h[t]&h|i[t];this.h[0]=65535&(this.h[0]|this.h[1]<<13),this.h[1]=65535&(this.h[1]>>>3|this.h[2]<<10),this.h[2]=65535&(this.h[2]>>>6|this.h[3]<<7),this.h[3]=65535&(this.h[3]>>>9|this.h[4]<<4),this.h[4]=65535&(this.h[4]>>>12|this.h[5]<<1|this.h[6]<<14),this.h[5]=65535&(this.h[6]>>>2|this.h[7]<<11),this.h[6]=65535&(this.h[7]>>>5|this.h[8]<<8),this.h[7]=65535&(this.h[8]>>>8|this.h[9]<<5);let r=this.h[0]+this.pad[0];this.h[0]=65535&r;for(let t=1;t<8;t++)r=(this.h[t]+this.pad[t]|0)+(r>>>16)|0,this.h[t]=65535&r;return e[0]=this.h[0]>>>0&255,e[1]=this.h[0]>>>8&255,e[2]=this.h[1]>>>0&255,e[3]=this.h[1]>>>8&255,e[4]=this.h[2]>>>0&255,e[5]=this.h[2]>>>8&255,e[6]=this.h[3]>>>0&255,e[7]=this.h[3]>>>8&255,e[8]=this.h[4]>>>0&255,e[9]=this.h[4]>>>8&255,e[10]=this.h[5]>>>0&255,e[11]=this.h[5]>>>8&255,e[12]=this.h[6]>>>0&255,e[13]=this.h[6]>>>8&255,e[14]=this.h[7]>>>0&255,e[15]=this.h[7]>>>8&255,e}update(t,e=0,s=t.byteLength){if(this.leftover){let i=16-this.leftover;i>s&&(i=s);for(let s=0;s<i;s++)this.buffer[this.leftover+s]=t[e+s];if(s-=i,e+=i,this.leftover+=i,this.leftover<16)return;this.blocks(this.buffer,0,16),this.leftover=0}if(s>=16){const i=s-s%16;this.blocks(t,e,i),e+=i,s-=i}if(s){for(let i=0;i<s;i++)this.buffer[this.leftover+i]=t[e+i];this.leftover+=s}}},n.NAME="Poly1305",n.KEYBYTES=32,n.OUTBYTES=16,n.BLOCKLEN=16,n);var l=Object.freeze({__proto__:null,Poly1305:o});function c(t,e,s){return 0===function(t,e,s){let i=0;for(let h=0;h<s;h++)i|=t[h]^e[h];return(1&i-1>>>8)-1}(t,e,s)}function u(t,e){const s=Math.min(t.byteLength,e.byteLength),i=new Uint8Array(s);for(let h=0;h<s;h++)i[h]=t[h]^e[h];return i}function f(t,e){const s=new Uint8Array(t.byteLength+e.byteLength);return s.set(t,0),s.set(e,t.byteLength),s}const y=new Uint8Array(0);var p=Object.freeze({__proto__:null,EMPTY:y,append:f,equal:c,xor:u});const d=new Uint8Array(16);function m(t,e){const s=15&e;0!==s&&t.update(d,0,16-s)}function g(t,e,s,i,h,n){const a=new Uint8Array(o.KEYBYTES);r.stream_xor(e,s,a,a,0);const l=new o(a);void 0!==n&&(l.update(n,0,n.byteLength),m(l,n.byteLength)),l.update(i,0,h),m(l,h);const c=new Uint8Array(16),u=new DataView(c.buffer);void 0!==n&&u.setUint32(0,n.byteLength,!0),u.setUint32(8,h,!0),l.update(c,0,c.byteLength),l.final(t)}const K={NAME:"ChaChaPoly",KEYBYTES:32,NONCEBYTES:12,TAGBYTES:16,encrypt_detached(t,e,s,i,h,n,a){r.stream_xor(h,n,t,e,1,s),g(i,h,n,e,s,a)},encrypt:E,decrypt_detached(t,e,s,i,h,n,a){const o=new Uint8Array(this.TAGBYTES);g(o,h,n,e,s,a);const l=c(o,i,o.byteLength);return l&&r.stream_xor(h,n,e,t,1,s),l},decrypt:_};var b=Object.freeze({__proto__:null,ChaCha20Poly1305_RFC8439:K});class w extends Error{}function E(t,e,s,i){const h=new Uint8Array(t.byteLength+this.TAGBYTES);return this.encrypt_detached(t,h,t.byteLength,h.subarray(t.byteLength),e,s,i),h}function _(t,e,s,i){const h=new Uint8Array(t.byteLength-this.TAGBYTES);if(!this.decrypt_detached(h,t,h.byteLength,t.subarray(h.byteLength),e,s,i))throw new w("AEAD authentication failed");return h}const A=(()=>{var t="undefined"!=typeof self?self.crypto||self.msCrypto:null;if(t&&t.getRandomValues){const e=65536;return(s,i)=>{for(let h=0;h<i;h+=e)t.getRandomValues(s.subarray(h,h+Math.min(i-h,e)))}}if("undefined"!=typeof require&&(t=require("crypto"))&&t.randomBytes)return(e,s)=>e.set(t.randomBytes(s));throw new Error("No usable randomness source found")})();function M(t){const e=new Uint8Array(t);return A(e,t),e}function U(){return new Float64Array(16)}const v=new Uint8Array(32);v[0]=9;const S=U();function N(t){let e=1;for(let s=0;s<16;s++){const i=t[s]+e+65535;e=Math.floor(i/65536),t[s]=i-65536*e}t[0]+=e-1+37*(e-1)}function L(t,e,s){const i=~(s-1);for(let s=0;s<16;s++){const h=i&(t[s]^e[s]);t[s]^=h,e[s]^=h}}function k(t,e,s){for(let i=0;i<16;i++)t[i]=e[i]+s[i]}function x(t,e,s){for(let i=0;i<16;i++)t[i]=e[i]-s[i]}function T(t,e,s){let i=0,h=0,r=0,n=0,a=0,o=0,l=0,c=0,u=0,f=0,y=0,p=0,d=0,m=0,g=0,K=0,b=0,w=0,E=0,_=0,A=0,M=0,U=0,v=0,S=0,N=0,L=0,k=0,x=0,T=0,B=0;const P=s[0],O=s[1],C=s[2],H=s[3],X=s[4],Y=s[5],I=s[6],z=s[7],j=s[8],D=s[9],R=s[10],V=s[11],F=s[12],$=s[13],q=s[14],G=s[15];let W=e[0];i+=W*P,h+=W*O,r+=W*C,n+=W*H,a+=W*X,o+=W*Y,l+=W*I,c+=W*z,u+=W*j,f+=W*D,y+=W*R,p+=W*V,d+=W*F,m+=W*$,g+=W*q,K+=W*G,W=e[1],h+=W*P,r+=W*O,n+=W*C,a+=W*H,o+=W*X,l+=W*Y,c+=W*I,u+=W*z,f+=W*j,y+=W*D,p+=W*R,d+=W*V,m+=W*F,g+=W*$,K+=W*q,b+=W*G,W=e[2],r+=W*P,n+=W*O,a+=W*C,o+=W*H,l+=W*X,c+=W*Y,u+=W*I,f+=W*z,y+=W*j,p+=W*D,d+=W*R,m+=W*V,g+=W*F,K+=W*$,b+=W*q,w+=W*G,W=e[3],n+=W*P,a+=W*O,o+=W*C,l+=W*H,c+=W*X,u+=W*Y,f+=W*I,y+=W*z,p+=W*j,d+=W*D,m+=W*R,g+=W*V,K+=W*F,b+=W*$,w+=W*q,E+=W*G,W=e[4],a+=W*P,o+=W*O,l+=W*C,c+=W*H,u+=W*X,f+=W*Y,y+=W*I,p+=W*z,d+=W*j,m+=W*D,g+=W*R,K+=W*V,b+=W*F,w+=W*$,E+=W*q,_+=W*G,W=e[5],o+=W*P,l+=W*O,c+=W*C,u+=W*H,f+=W*X,y+=W*Y,p+=W*I,d+=W*z,m+=W*j,g+=W*D,K+=W*R,b+=W*V,w+=W*F,E+=W*$,_+=W*q,A+=W*G,W=e[6],l+=W*P,c+=W*O,u+=W*C,f+=W*H,y+=W*X,p+=W*Y,d+=W*I,m+=W*z,g+=W*j,K+=W*D,b+=W*R,w+=W*V,E+=W*F,_+=W*$,A+=W*q,M+=W*G,W=e[7],c+=W*P,u+=W*O,f+=W*C,y+=W*H,p+=W*X,d+=W*Y,m+=W*I,g+=W*z,K+=W*j,b+=W*D,w+=W*R,E+=W*V,_+=W*F,A+=W*$,M+=W*q,U+=W*G,W=e[8],u+=W*P,f+=W*O,y+=W*C,p+=W*H,d+=W*X,m+=W*Y,g+=W*I,K+=W*z,b+=W*j,w+=W*D,E+=W*R,_+=W*V,A+=W*F,M+=W*$,U+=W*q,v+=W*G,W=e[9],f+=W*P,y+=W*O,p+=W*C,d+=W*H,m+=W*X,g+=W*Y,K+=W*I,b+=W*z,w+=W*j,E+=W*D,_+=W*R,A+=W*V,M+=W*F,U+=W*$,v+=W*q,S+=W*G,W=e[10],y+=W*P,p+=W*O,d+=W*C,m+=W*H,g+=W*X,K+=W*Y,b+=W*I,w+=W*z,E+=W*j,_+=W*D,A+=W*R,M+=W*V,U+=W*F,v+=W*$,S+=W*q,N+=W*G,W=e[11],p+=W*P,d+=W*O,m+=W*C,g+=W*H,K+=W*X,b+=W*Y,w+=W*I,E+=W*z,_+=W*j,A+=W*D,M+=W*R,U+=W*V,v+=W*F,S+=W*$,N+=W*q,L+=W*G,W=e[12],d+=W*P,m+=W*O,g+=W*C,K+=W*H,b+=W*X,w+=W*Y,E+=W*I,_+=W*z,A+=W*j,M+=W*D,U+=W*R,v+=W*V,S+=W*F,N+=W*$,L+=W*q,k+=W*G,W=e[13],m+=W*P,g+=W*O,K+=W*C,b+=W*H,w+=W*X,E+=W*Y,_+=W*I,A+=W*z,M+=W*j,U+=W*D,v+=W*R,S+=W*V,N+=W*F,L+=W*$,k+=W*q,x+=W*G,W=e[14],g+=W*P,K+=W*O,b+=W*C,w+=W*H,E+=W*X,_+=W*Y,A+=W*I,M+=W*z,U+=W*j,v+=W*D,S+=W*R,N+=W*V,L+=W*F,k+=W*$,x+=W*q,T+=W*G,W=e[15],K+=W*P,b+=W*O,w+=W*C,E+=W*H,_+=W*X,A+=W*Y,M+=W*I,U+=W*z,v+=W*j,S+=W*D,N+=W*R,L+=W*V,k+=W*F,x+=W*$,T+=W*q,B+=W*G,i+=38*b,h+=38*w,r+=38*E,n+=38*_,a+=38*A,o+=38*M,l+=38*U,c+=38*v,u+=38*S,f+=38*N,y+=38*L,p+=38*k,d+=38*x,m+=38*T,g+=38*B;let Z=1;W=i+Z+65535,Z=Math.floor(W/65536),i=W-65536*Z,W=h+Z+65535,Z=Math.floor(W/65536),h=W-65536*Z,W=r+Z+65535,Z=Math.floor(W/65536),r=W-65536*Z,W=n+Z+65535,Z=Math.floor(W/65536),n=W-65536*Z,W=a+Z+65535,Z=Math.floor(W/65536),a=W-65536*Z,W=o+Z+65535,Z=Math.floor(W/65536),o=W-65536*Z,W=l+Z+65535,Z=Math.floor(W/65536),l=W-65536*Z,W=c+Z+65535,Z=Math.floor(W/65536),c=W-65536*Z,W=u+Z+65535,Z=Math.floor(W/65536),u=W-65536*Z,W=f+Z+65535,Z=Math.floor(W/65536),f=W-65536*Z,W=y+Z+65535,Z=Math.floor(W/65536),y=W-65536*Z,W=p+Z+65535,Z=Math.floor(W/65536),p=W-65536*Z,W=d+Z+65535,Z=Math.floor(W/65536),d=W-65536*Z,W=m+Z+65535,Z=Math.floor(W/65536),m=W-65536*Z,W=g+Z+65535,Z=Math.floor(W/65536),g=W-65536*Z,W=K+Z+65535,Z=Math.floor(W/65536),K=W-65536*Z,i+=Z-1+37*(Z-1),Z=1,W=i+Z+65535,Z=Math.floor(W/65536),i=W-65536*Z,W=h+Z+65535,Z=Math.floor(W/65536),h=W-65536*Z,W=r+Z+65535,Z=Math.floor(W/65536),r=W-65536*Z,W=n+Z+65535,Z=Math.floor(W/65536),n=W-65536*Z,W=a+Z+65535,Z=Math.floor(W/65536),a=W-65536*Z,W=o+Z+65535,Z=Math.floor(W/65536),o=W-65536*Z,W=l+Z+65535,Z=Math.floor(W/65536),l=W-65536*Z,W=c+Z+65535,Z=Math.floor(W/65536),c=W-65536*Z,W=u+Z+65535,Z=Math.floor(W/65536),u=W-65536*Z,W=f+Z+65535,Z=Math.floor(W/65536),f=W-65536*Z,W=y+Z+65535,Z=Math.floor(W/65536),y=W-65536*Z,W=p+Z+65535,Z=Math.floor(W/65536),p=W-65536*Z,W=d+Z+65535,Z=Math.floor(W/65536),d=W-65536*Z,W=m+Z+65535,Z=Math.floor(W/65536),m=W-65536*Z,W=g+Z+65535,Z=Math.floor(W/65536),g=W-65536*Z,W=K+Z+65535,Z=Math.floor(W/65536),K=W-65536*Z,i+=Z-1+37*(Z-1),t[0]=i,t[1]=h,t[2]=r,t[3]=n,t[4]=a,t[5]=o,t[6]=l,t[7]=c,t[8]=u,t[9]=f,t[10]=y,t[11]=p,t[12]=d,t[13]=m,t[14]=g,t[15]=K}function B(t,e){T(t,e,e)}function P(t,e,s){const i=new Uint8Array(32),h=new Float64Array(80),r=U(),n=U(),a=U(),o=U(),l=U(),c=U();for(let t=0;t<31;t++)i[t]=e[t];i[31]=127&e[31]|64,i[0]&=248,function(t,e){for(let s=0;s<16;s++)t[s]=e[2*s]+(e[2*s+1]<<8);t[15]&=32767}(h,s);for(let t=0;t<16;t++)n[t]=h[t],o[t]=r[t]=a[t]=0;r[0]=o[0]=1;for(let t=254;t>=0;--t){const e=i[t>>>3]>>>(7&t)&1;L(r,n,e),L(a,o,e),k(l,r,a),x(r,r,a),k(a,n,o),x(n,n,o),B(o,l),B(c,r),T(r,a,r),T(a,n,l),k(l,r,a),x(r,r,a),B(n,r),x(a,o,c),T(r,a,S),k(r,r,o),T(a,a,r),T(r,o,c),T(o,n,h),B(n,l),L(r,n,e),L(a,o,e)}for(let t=0;t<16;t++)h[t+16]=r[t],h[t+32]=a[t],h[t+48]=n[t],h[t+64]=o[t];const u=h.subarray(32),f=h.subarray(16);!function(t,e){const s=U();for(let t=0;t<16;t++)s[t]=e[t];for(let t=253;t>=0;t--)B(s,s),2!==t&&4!==t&&T(s,s,e);for(let e=0;e<16;e++)t[e]=s[e]}(u,u),T(f,f,u),function(t,e){const s=U(),i=U();for(let t=0;t<16;t++)i[t]=e[t];N(i),N(i),N(i);for(let t=0;t<2;t++){s[0]=i[0]-65517;for(let t=1;t<15;t++)s[t]=i[t]-65535-(s[t-1]>>16&1),s[t-1]&=65535;s[15]=i[15]-32767-(s[14]>>16&1);const t=s[15]>>16&1;s[14]&=65535,L(i,s,1-t)}for(let e=0;e<16;e++)t[2*e]=255&i[e],t[2*e+1]=i[e]>>8}(t,f)}function O(t,e){P(t,e,v)}function C(t,e){if(32!==t.length)throw new Error("bad n size");if(32!==e.length)throw new Error("bad p size");const s=new Uint8Array(32);return P(s,t,e),s}function H(t){if(32!==t.length)throw new Error("bad n size");const e=new Uint8Array(32);return O(e,t),e}S[0]=56129,S[1]=1,C.scalarLength=32,C.groupElementLength=32;var X=Object.freeze({__proto__:null,crypto_scalarmult:P,crypto_scalarmult_BYTES:32,crypto_scalarmult_SCALARBYTES:32,crypto_scalarmult_base:O,scalarMult:C,scalarMultBase:H});const Y={NAME:"25519",DHLEN:C.groupElementLength,generateKeypair(){const t=M(C.scalarLength);return{public:H(t),secret:t}},dh:(t,e)=>C(t.secret,e)};var I;function z(t,e){return t>>>e|t<<32-e}function j(t,e,s,i,h,r,n){t[e]=t[e]+t[s]+r,t[h]=z(t[h]^t[e],16),t[i]=t[i]+t[h],t[s]=z(t[s]^t[i],12),t[e]=t[e]+t[s]+n,t[h]=z(t[h]^t[e],8),t[i]=t[i]+t[h],t[s]=z(t[s]^t[i],7)}const D=Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]),R=Uint8Array.from([0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,14,10,4,8,9,15,13,6,1,12,0,2,11,7,5,3,11,8,12,0,5,2,15,13,10,14,3,6,7,1,9,4,7,9,3,1,13,12,11,14,2,6,5,10,4,0,15,8,9,0,5,7,2,4,10,15,14,1,11,12,6,8,3,13,2,12,6,10,0,11,8,3,4,13,7,5,15,14,1,9,12,5,1,15,14,13,4,10,0,7,6,3,9,2,8,11,13,11,7,14,12,1,3,9,5,0,15,4,8,6,2,10,6,15,14,9,11,3,0,8,12,2,13,7,1,4,10,5,10,2,8,4,7,6,1,5,15,11,9,14,3,12,13,0]);function V(t,e){return R[(t<<4)+e]}const F=(I=class t{static digest(e,s,i){const h=new t(s,i);return h.update(e),h.final()}constructor(e,s=t.OUTBYTES){var i;this.outlen=s,this.b=new Uint8Array(64),this.bv=new DataView(this.b.buffer),this.h=Uint32Array.from(D),this.t=new Uint32Array(2),this.c=0;const h=null!==(i=null==e?void 0:e.byteLength)&&void 0!==i?i:0;if(0==s||s>32||h>32)throw new Error("illegal BLAKE2s parameter length(s)");this.h[0]^=16842752^h<<8^s,e&&h>0&&(this.update(e),this.c=64)}update(t,e=0,s=t.byteLength){for(let i=e;i<e+s;i++)64==this.c&&(this.t[0]+=this.c,this.t[0]<this.c&&this.t[1]++,this.compress(!1),this.c=0),this.b[this.c++]=t[i]}final(t){for(this.t[0]+=this.c,this.t[0]<this.c&&this.t[1]++;this.c<64;)this.b[this.c++]=0;this.compress(!0),void 0===t&&(t=new Uint8Array(this.outlen));for(let e=0;e<this.outlen;e++)t[e]=this.h[e>>2]>>8*(3&e)&255;return t}compress(t){const e=new Uint32Array(16),s=new Uint32Array(16);for(let t=0;t<8;t++)e[t]=this.h[t],e[t+8]=D[t];e[12]^=this.t[0],e[13]^=this.t[1],t&&(e[14]=~e[14]);for(let t=0;t<16;t++)s[t]=this.bv.getUint32(t<<2,!0);for(let t=0;t<10;t++)j(e,0,4,8,12,s[V(t,0)],s[V(t,1)]),j(e,1,5,9,13,s[V(t,2)],s[V(t,3)]),j(e,2,6,10,14,s[V(t,4)],s[V(t,5)]),j(e,3,7,11,15,s[V(t,6)],s[V(t,7)]),j(e,0,5,10,15,s[V(t,8)],s[V(t,9)]),j(e,1,6,11,12,s[V(t,10)],s[V(t,11)]),j(e,2,7,8,13,s[V(t,12)],s[V(t,13)]),j(e,3,4,9,14,s[V(t,14)],s[V(t,15)]);for(let t=0;t<8;t++)this.h[t]^=e[t]^e[t+8]}},I.NAME="BLAKE2s",I.KEYBYTES=32,I.OUTBYTES=32,I.BLOCKLEN=64,I);var $=Object.freeze({__proto__:null,BLAKE2s:F});function q(t){return function(e,s,i){const h=t(e,s),r=t(h,Uint8Array.from([1])),n=t(h,f(r,Uint8Array.from([2])));switch(i){case 2:return[r,n];case 3:return[r,n,t(h,f(n,Uint8Array.from([3])))]}}}function G(t){const e=new Uint8Array(t.BLOCKLEN);e.fill(54);const s=new Uint8Array(t.BLOCKLEN);s.fill(92);const i=(i,h)=>{const r=i.byteLength>t.BLOCKLEN?t.digest(i):i,n=f(r,new Uint8Array(t.BLOCKLEN-r.byteLength));return t.digest(f(u(n,s),t.digest(f(u(n,e),h))))};return i.NAME="HMAC-"+t.NAME,i}function W(t,e){const s=new RegExp(`^Noise_([A-Za-z0-9+]+)_${t.dh.NAME}_${t.aead.NAME}_${t.hash.NAME}$`).exec(e);return null===s?null:s[1]}var Z=Object.freeze({__proto__:null,matchPattern:W});class J{constructor(t=0,e=0,s=0){this.lo=t,this.hi=e,this.extra=s}increment(){const t=this.lo,e=t+1|0;this.lo=e,e<t&&(this.hi=this.hi+1|0)}reset(t=0,e=0,s=0){this.lo=t,this.hi=e,this.extra=s}static get MAX(){return new J(4294967295,4294967295)}}function Q(t){return e=>new DataView(t.encrypt(new Uint8Array(32),e,J.MAX).buffer)}var tt=Object.freeze({__proto__:null,makeRekey:Q});class et{constructor(t,e){this.algorithms=t,this.view=null,this.nonce=new J,void 0!==e&&(this.view=new DataView(e.buffer))}encrypt(t,e){if(null===this.view)return t;const s=this.algorithms.aead.encrypt(t,this.view,this.nonce,e);return this.nonce.increment(),s}decrypt(t,e){if(null===this.view)return t;const s=this.algorithms.aead.decrypt(t,this.view,this.nonce,e);return this.nonce.increment(),s}rekey(){var t;null!==this.view&&(this.view=(null!==(t=this.algorithms.rekey)&&void 0!==t?t:Q(this.algorithms.aead))(this.view))}}var st=Object.freeze({__proto__:null,CipherState:et});class it{constructor(t,e,s,i={}){var h,r,n,a,o,l,c;this.algorithms=t,this.pattern=e,this.role=s,this.stepIndex=0,this.staticKeypair=null!==(h=i.staticKeypair)&&void 0!==h?h:this.algorithms.dh.generateKeypair(),this.remoteStaticPublicKey=null!==(r=i.remoteStaticPublicKey)&&void 0!==r?r:null,this.ephemeralKeypair=null!==(n=i.pregeneratedEphemeralKeypair)&&void 0!==n?n:this.algorithms.dh.generateKeypair(),this.remoteEphemeralPublicKey=null!==(a=i.remotePregeneratedEphemeralPublicKey)&&void 0!==a?a:null,this.preSharedKeys=i.preSharedKeys,this.preSharedKeys&&(this.preSharedKeys=this.preSharedKeys.slice(),0===this.preSharedKeys.length&&(this.preSharedKeys=void 0));const u=(new TextEncoder).encode("Noise_"+this.pattern.name+"_"+this.algorithms.dh.NAME+"_"+this.algorithms.aead.NAME+"_"+this.algorithms.hash.NAME);this.cipherState=new et(this.algorithms);{const t=this.algorithms.hash.OUTBYTES,e=u.byteLength>t?this.algorithms.hash.digest(u):u;this.chainingKey=f(e,new Uint8Array(t-e.byteLength))}this.handshakeHash=this.chainingKey,this.mixHash(null!==(o=i.prologue)&&void 0!==o?o:y),this.pattern.initiatorPreMessage.forEach((t=>this.mixHash("e"===t?this.isInitiator?this.ephemeralKeypair.public:this.remoteEphemeralPublicKey:this.isInitiator?this.staticKeypair.public:this.remoteStaticPublicKey))),this.pattern.responderPreMessage.forEach((t=>this.mixHash("e"===t?this.isInitiator?this.remoteEphemeralPublicKey:this.ephemeralKeypair.public:this.isInitiator?this.remoteStaticPublicKey:this.staticKeypair.public))),this.hkdf=null!==(l=this.algorithms.hkdf)&&void 0!==l?l:q(null!==(c=this.algorithms.hmac)&&void 0!==c?c:G(this.algorithms.hash))}get isInitiator(){return"initiator"===this.role}mixHash(t){this.handshakeHash=this.algorithms.hash.digest(f(this.handshakeHash,t))}mixKey(t){const[e,s]=this.hkdf(this.chainingKey,t,2);this.chainingKey=e,this.cipherState=new et(this.algorithms,s)}mixKeyAndHashNextPSK(){const t=this.preSharedKeys.shift(),[e,s,i]=this.hkdf(this.chainingKey,t,3);this.chainingKey=e,this.mixHash(s),this.cipherState=new et(this.algorithms,i)}encryptAndHash(t){const e=this.cipherState.encrypt(t,this.handshakeHash);return this.mixHash(e),e}decryptAndHash(t){const e=this.cipherState.decrypt(t,this.handshakeHash);return this.mixHash(t),e}_split(){if(this.stepIndex<this.pattern.messages.length)return null;{let[t,e]=this.hkdf(this.chainingKey,y,2).map((t=>new et(this.algorithms,t)));return this.isInitiator?{send:t,recv:e}:{send:e,recv:t}}}_nextStep(){if(this.stepIndex>=this.pattern.messages.length)throw new Error("Handshake already complete, cannot continue");return this.pattern.messages[this.stepIndex++]}_processKeyMixToken(t){switch(t){case"ee":this.mixKey(this.algorithms.dh.dh(this.ephemeralKeypair,this.remoteEphemeralPublicKey));break;case"es":this.mixKey(this.isInitiator?this.algorithms.dh.dh(this.ephemeralKeypair,this.remoteStaticPublicKey):this.algorithms.dh.dh(this.staticKeypair,this.remoteEphemeralPublicKey));break;case"se":this.mixKey(this.isInitiator?this.algorithms.dh.dh(this.staticKeypair,this.remoteEphemeralPublicKey):this.algorithms.dh.dh(this.ephemeralKeypair,this.remoteStaticPublicKey));break;case"ss":this.mixKey(this.algorithms.dh.dh(this.staticKeypair,this.remoteStaticPublicKey));break;case"psk":this.mixKeyAndHashNextPSK()}}writeMessage(t){const e=[];let s;if(this._nextStep().forEach((t=>{switch(t){case"e":e.push(this.ephemeralKeypair.public),this.mixHash(this.ephemeralKeypair.public),this.preSharedKeys&&this.mixKey(this.ephemeralKeypair.public);break;case"s":e.push(this.encryptAndHash(this.staticKeypair.public));break;default:this._processKeyMixToken(t)}})),e.push(this.encryptAndHash(t)),1===e.length)s=e[0];else{s=new Uint8Array(e.reduce(((t,e)=>t+e.byteLength),0));let t=0;e.forEach((e=>{s.set(e,t),t+=e.byteLength}))}return{packet:s,finished:this._split()}}readMessage(t){const e=e=>{const s=t.slice(0,e);return t=t.subarray(e),s};this._nextStep().forEach((t=>{switch(t){case"e":this.remoteEphemeralPublicKey=e(this.algorithms.dh.DHLEN),this.mixHash(this.remoteEphemeralPublicKey),this.preSharedKeys&&this.mixKey(this.remoteEphemeralPublicKey);break;case"s":this.remoteStaticPublicKey=this.decryptAndHash(e(this.algorithms.dh.DHLEN+(this.cipherState.view?16:0)));break;default:this._processKeyMixToken(t)}}));return{message:this.decryptAndHash(t),finished:this._split()}}async completeHandshake(t,e,s=(async t=>{}),i=(async()=>new Uint8Array(0))){const h=async()=>{const{packet:e,finished:s}=this.writeMessage(await i());return await t(e),s||r()},r=async()=>{const{message:t,finished:i}=this.readMessage(await e());return await s(t),i||h()};return this.isInitiator?h():r()}}var ht=Object.freeze({__proto__:null,Handshake:it});const rt={};function nt(t,e,s,i){const h={name:t,baseName:t,messages:e,initiatorPreMessage:s,responderPreMessage:i};rt[h.name]=h}function at(t){return 1===t.baseName.length}nt("I1K1",[["e","s"],["e","ee","es"],["se"]],[],["s"]),nt("I1K",[["e","es","s"],["e","ee"],["se"]],[],["s"]),nt("I1N",[["e","s"],["e","ee"],["se"]],[],[]),nt("I1X1",[["e","s"],["e","ee","s"],["se","es"]],[],[]),nt("I1X",[["e","s"],["e","ee","s","es"],["se"]],[],[]),nt("IK1",[["e","s"],["e","ee","se","es"]],[],["s"]),nt("IK",[["e","es","s","ss"],["e","ee","se"]],[],["s"]),nt("IN",[["e","s"],["e","ee","se"]],[],[]),nt("IX1",[["e","s"],["e","ee","se","s"],["es"]],[],[]),nt("IX",[["e","s"],["e","ee","se","s","es"]],[],[]),nt("K1K1",[["e"],["e","ee","es"],["se"]],["s"],["s"]),nt("K1K",[["e","es"],["e","ee"],["se"]],["s"],["s"]),nt("K1N",[["e"],["e","ee"],["se"]],["s"],[]),nt("K1X1",[["e"],["e","ee","s"],["se","es"]],["s"],[]),nt("K1X",[["e"],["e","ee","s","es"],["se"]],["s"],[]),nt("K",[["e","es","ss"]],["s"],["s"]),nt("KK1",[["e"],["e","ee","se","es"]],["s"],["s"]),nt("KK",[["e","es","ss"],["e","ee","se"]],["s"],["s"]),nt("KN",[["e"],["e","ee","se"]],["s"],[]),nt("KX1",[["e"],["e","ee","se","s"],["es"]],["s"],[]),nt("KX",[["e"],["e","ee","se","s","es"]],["s"],[]),nt("N",[["e","es"]],[],["s"]),nt("NK1",[["e"],["e","ee","es"]],[],["s"]),nt("NK",[["e","es"],["e","ee"]],[],["s"]),nt("NN",[["e"],["e","ee"]],[],[]),nt("NX1",[["e"],["e","ee","s"],["es"]],[],[]),nt("NX",[["e"],["e","ee","s","es"]],[],[]),nt("X1K1",[["e"],["e","ee","es"],["s"],["se"]],[],["s"]),nt("X1K",[["e","es"],["e","ee"],["s"],["se"]],[],["s"]),nt("X1N",[["e"],["e","ee"],["s"],["se"]],[],[]),nt("X1X1",[["e"],["e","ee","s"],["es","s"],["se"]],[],[]),nt("X1X",[["e"],["e","ee","s","es"],["s"],["se"]],[],[]),nt("X",[["e","es","s","ss"]],[],["s"]),nt("XK1",[["e"],["e","ee","es"],["s","se"]],[],["s"]),nt("XK",[["e","es"],["e","ee"],["s","se"]],[],["s"]),nt("XN",[["e"],["e","ee"],["s","se"]],[],[]),nt("XX1",[["e"],["e","ee","s"],["es","s","se"]],[],[]),nt("XX",[["e"],["e","ee","s","es"],["s","se"]],[],[]);const ot=/^([NKX]|[NKXI]1?[NKX]1?)([a-z][a-z0-9]*(\+[a-z][a-z0-9]*)*)?$/,lt=/^psk([0-9]+)$/;function ct(t){var e,s,i;const h=ot.exec(t);if(null===h)return null;const r=null!==(s=null===(e=h[2])||void 0===e?void 0:e.split("+"))&&void 0!==s?s:[];let n=null!==(i=rt[h[1]])&&void 0!==i?i:null;return n?(r.forEach((t=>n=n&&function(t,e){const s=lt.exec(e);if(null===s)return null;const i=parseInt(s[1],10),h=t.messages;return Object.assign(Object.assign({},t),{messages:0===i?[["psk",...h[0]],...h.slice(1)]:[...h.slice(0,i-1),[...h[i-1],"psk"],...h.slice(i)]})}(n,t))),n&&Object.assign(Object.assign({},n),{name:t})):null}const ut={dh:Y,aead:K,hash:F};const ft={aead:{chacha20poly1305:b},cipher:{chacha20:a},dh:{x25519:X},hash:{blake2s:$,poly1305:l},noise:{algorithms:Z,cipherstate:st,handshake:ht,patterns:Object.freeze({__proto__:null,PATTERNS:rt,isOneWay:at,lookupPattern:ct}),profiles:Object.freeze({__proto__:null,Noise_25519_ChaChaPoly_BLAKE2s:ut}),rekey:tt}};t.AuthenticationFailure=w,t.BLAKE2s=F,t.Bytes=p,t.ChaCha20=r,t.ChaCha20Poly1305_RFC8439=K,t.CipherState=et,t.Handshake=it,t.INTERNALS=ft,t.Noise_25519_ChaChaPoly_BLAKE2s=ut,t.Nonce=J,t.PATTERNS=rt,t.Poly1305=o,t.X25519=Y,t._decrypt=_,t._encrypt=E,t._randomBytes=A,t.isOneWay=at,t.lookupPattern=ct,t.makeHKDF=q,t.makeHMAC=G,t.matchPattern=W,t.randomBytes=M})); | ||
| !function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports):"function"==typeof define&&define.amd?define(["exports"],e):e((t="undefined"!=typeof globalThis?globalThis:t||self).SaltyCrypto={})}(this,(function(t){"use strict";function e(t,e){return t<<e|t>>>32-e}function s(t,s,i,h,r){t[s]+=t[i],t[r]^=t[s],t[r]=e(t[r],16),t[h]+=t[r],t[i]^=t[h],t[i]=e(t[i],12),t[s]+=t[i],t[r]^=t[s],t[r]=e(t[r],8),t[h]+=t[r],t[i]^=t[h],t[i]=e(t[i],7)}function i(t,e,s,i){t[0]+=1634760805,t[1]+=857760878,t[2]+=2036477234,t[3]+=1797285236,t[4]+=e.getUint32(0,!0),t[5]+=e.getUint32(4,!0),t[6]+=e.getUint32(8,!0),t[7]+=e.getUint32(12,!0),t[8]+=e.getUint32(16,!0),t[9]+=e.getUint32(20,!0),t[10]+=e.getUint32(24,!0),t[11]+=e.getUint32(28,!0),t[12]+=s,t[13]+=i.getUint32(0,!0),t[14]+=i.getUint32(4,!0),t[15]+=i.getUint32(8,!0)}function h(t,e,h){const r=new Uint32Array(16);i(r,t,e,h);for(let t=0;t<20;t+=2)s(r,0,4,8,12),s(r,1,5,9,13),s(r,2,6,10,14),s(r,3,7,11,15),s(r,0,5,10,15),s(r,1,6,11,12),s(r,2,7,8,13),s(r,3,4,9,14);return i(r,t,e,h),r}const r={NAME:"chacha20",KEYBYTES:32,NONCEBYTES:12,BLOCKBYTES:64,stream_xor(t,e,s,i,n=0,a=s.byteLength){const o=function(t){const e=new DataView(new ArrayBuffer(r.NONCEBYTES));return e.setUint32(0,t.extra,!0),e.setUint32(4,t.lo,!0),e.setUint32(8,t.hi,!0),e}(e),l=a>>6,c=63&a;for(let e=0;e<l;e++){const r=h(t,n+e,o);for(let t=0;t<64;t++)i[(e<<6)+t]=s[(e<<6)+t]^r[t>>2]>>((3&t)<<3)}if(0!==c){const e=h(t,n+l,o);for(let t=0;t<c;t++)i[(l<<6)+t]=s[(l<<6)+t]^e[t>>2]>>((3&t)<<3)}}};var n,a=Object.freeze({__proto__:null,ChaCha20:r,chacha20_block:h,chacha20_quarter_round:s});const o=(n=class t{static digest(e,s,i){const h=new t(s,i);return h.update(e),h.final()}constructor(e,s){if(this.buffer=new Uint8Array(16),this.r=new Uint16Array(10),this.h=new Uint16Array(10),this.pad=new Uint16Array(8),this.leftover=0,this.fin=0,!e)throw new Error("Poly1305: key required");if((null!=s?s:t.OUTBYTES)!==t.OUTBYTES)throw new Error("Poly1305: outlen != OUTBYTES");const i=255&e[0]|(255&e[1])<<8;this.r[0]=8191&i;const h=255&e[2]|(255&e[3])<<8;this.r[1]=8191&(i>>>13|h<<3);const r=255&e[4]|(255&e[5])<<8;this.r[2]=7939&(h>>>10|r<<6);const n=255&e[6]|(255&e[7])<<8;this.r[3]=8191&(r>>>7|n<<9);const a=255&e[8]|(255&e[9])<<8;this.r[4]=255&(n>>>4|a<<12),this.r[5]=a>>>1&8190;const o=255&e[10]|(255&e[11])<<8;this.r[6]=8191&(a>>>14|o<<2);const l=255&e[12]|(255&e[13])<<8;this.r[7]=8065&(o>>>11|l<<5);const c=255&e[14]|(255&e[15])<<8;this.r[8]=8191&(l>>>8|c<<8),this.r[9]=c>>>5&127,this.pad[0]=255&e[16]|(255&e[17])<<8,this.pad[1]=255&e[18]|(255&e[19])<<8,this.pad[2]=255&e[20]|(255&e[21])<<8,this.pad[3]=255&e[22]|(255&e[23])<<8,this.pad[4]=255&e[24]|(255&e[25])<<8,this.pad[5]=255&e[26]|(255&e[27])<<8,this.pad[6]=255&e[28]|(255&e[29])<<8,this.pad[7]=255&e[30]|(255&e[31])<<8}blocks(t,e,s){const i=this.fin?0:2048;let h=this.h[0],r=this.h[1],n=this.h[2],a=this.h[3],o=this.h[4],l=this.h[5],c=this.h[6],f=this.h[7],u=this.h[8],y=this.h[9],p=this.r[0],d=this.r[1],m=this.r[2],g=this.r[3],K=this.r[4],b=this.r[5],w=this.r[6],E=this.r[7],_=this.r[8],A=this.r[9];for(;s>=16;){const M=255&t[e+0]|(255&t[e+1])<<8;h+=8191&M;const U=255&t[e+2]|(255&t[e+3])<<8;r+=8191&(M>>>13|U<<3);const v=255&t[e+4]|(255&t[e+5])<<8;n+=8191&(U>>>10|v<<6);const N=255&t[e+6]|(255&t[e+7])<<8;a+=8191&(v>>>7|N<<9);const S=255&t[e+8]|(255&t[e+9])<<8;o+=8191&(N>>>4|S<<12),l+=S>>>1&8191;const L=255&t[e+10]|(255&t[e+11])<<8;c+=8191&(S>>>14|L<<2);const k=255&t[e+12]|(255&t[e+13])<<8;f+=8191&(L>>>11|k<<5);const x=255&t[e+14]|(255&t[e+15])<<8;u+=8191&(k>>>8|x<<8),y+=x>>>5|i;let T=0,B=T;B+=h*p,B+=r*(5*A),B+=n*(5*_),B+=a*(5*E),B+=o*(5*w),T=B>>>13,B&=8191,B+=l*(5*b),B+=c*(5*K),B+=f*(5*g),B+=u*(5*m),B+=y*(5*d),T+=B>>>13,B&=8191;let P=T;P+=h*d,P+=r*p,P+=n*(5*A),P+=a*(5*_),P+=o*(5*E),T=P>>>13,P&=8191,P+=l*(5*w),P+=c*(5*b),P+=f*(5*K),P+=u*(5*g),P+=y*(5*m),T+=P>>>13,P&=8191;let O=T;O+=h*m,O+=r*d,O+=n*p,O+=a*(5*A),O+=o*(5*_),T=O>>>13,O&=8191,O+=l*(5*E),O+=c*(5*w),O+=f*(5*b),O+=u*(5*K),O+=y*(5*g),T+=O>>>13,O&=8191;let C=T;C+=h*g,C+=r*m,C+=n*d,C+=a*p,C+=o*(5*A),T=C>>>13,C&=8191,C+=l*(5*_),C+=c*(5*E),C+=f*(5*w),C+=u*(5*b),C+=y*(5*K),T+=C>>>13,C&=8191;let H=T;H+=h*K,H+=r*g,H+=n*m,H+=a*d,H+=o*p,T=H>>>13,H&=8191,H+=l*(5*A),H+=c*(5*_),H+=f*(5*E),H+=u*(5*w),H+=y*(5*b),T+=H>>>13,H&=8191;let X=T;X+=h*b,X+=r*K,X+=n*g,X+=a*m,X+=o*d,T=X>>>13,X&=8191,X+=l*p,X+=c*(5*A),X+=f*(5*_),X+=u*(5*E),X+=y*(5*w),T+=X>>>13,X&=8191;let Y=T;Y+=h*w,Y+=r*b,Y+=n*K,Y+=a*g,Y+=o*m,T=Y>>>13,Y&=8191,Y+=l*d,Y+=c*p,Y+=f*(5*A),Y+=u*(5*_),Y+=y*(5*E),T+=Y>>>13,Y&=8191;let I=T;I+=h*E,I+=r*w,I+=n*b,I+=a*K,I+=o*g,T=I>>>13,I&=8191,I+=l*m,I+=c*d,I+=f*p,I+=u*(5*A),I+=y*(5*_),T+=I>>>13,I&=8191;let z=T;z+=h*_,z+=r*E,z+=n*w,z+=a*b,z+=o*K,T=z>>>13,z&=8191,z+=l*g,z+=c*m,z+=f*d,z+=u*p,z+=y*(5*A),T+=z>>>13,z&=8191;let j=T;j+=h*A,j+=r*_,j+=n*E,j+=a*w,j+=o*b,T=j>>>13,j&=8191,j+=l*K,j+=c*g,j+=f*m,j+=u*d,j+=y*p,T+=j>>>13,j&=8191,T=(T<<2)+T|0,T=T+B|0,B=8191&T,T>>>=13,P+=T,h=B,r=P,n=O,a=C,o=H,l=X,c=Y,f=I,u=z,y=j,e+=16,s-=16}this.h[0]=h,this.h[1]=r,this.h[2]=n,this.h[3]=a,this.h[4]=o,this.h[5]=l,this.h[6]=c,this.h[7]=f,this.h[8]=u,this.h[9]=y}final(e){if(e||(e=new Uint8Array(t.OUTBYTES)),this.leftover){let t=this.leftover;for(this.buffer[t++]=1;t<16;t++)this.buffer[t]=0;this.fin=1,this.blocks(this.buffer,0,16)}let s=this.h[1]>>>13;this.h[1]&=8191;for(let t=2;t<10;t++)this.h[t]+=s,s=this.h[t]>>>13,this.h[t]&=8191;this.h[0]+=5*s,s=this.h[0]>>>13,this.h[0]&=8191,this.h[1]+=s,s=this.h[1]>>>13,this.h[1]&=8191,this.h[2]+=s;const i=new Uint16Array(10);i[0]=this.h[0]+5,s=i[0]>>>13,i[0]&=8191;for(let t=1;t<10;t++)i[t]=this.h[t]+s,s=i[t]>>>13,i[t]&=8191;i[9]-=8192;let h=(1^s)-1;for(let t=0;t<10;t++)i[t]&=h;h=~h;for(let t=0;t<10;t++)this.h[t]=this.h[t]&h|i[t];this.h[0]=65535&(this.h[0]|this.h[1]<<13),this.h[1]=65535&(this.h[1]>>>3|this.h[2]<<10),this.h[2]=65535&(this.h[2]>>>6|this.h[3]<<7),this.h[3]=65535&(this.h[3]>>>9|this.h[4]<<4),this.h[4]=65535&(this.h[4]>>>12|this.h[5]<<1|this.h[6]<<14),this.h[5]=65535&(this.h[6]>>>2|this.h[7]<<11),this.h[6]=65535&(this.h[7]>>>5|this.h[8]<<8),this.h[7]=65535&(this.h[8]>>>8|this.h[9]<<5);let r=this.h[0]+this.pad[0];this.h[0]=65535&r;for(let t=1;t<8;t++)r=(this.h[t]+this.pad[t]|0)+(r>>>16)|0,this.h[t]=65535&r;return e[0]=this.h[0]>>>0&255,e[1]=this.h[0]>>>8&255,e[2]=this.h[1]>>>0&255,e[3]=this.h[1]>>>8&255,e[4]=this.h[2]>>>0&255,e[5]=this.h[2]>>>8&255,e[6]=this.h[3]>>>0&255,e[7]=this.h[3]>>>8&255,e[8]=this.h[4]>>>0&255,e[9]=this.h[4]>>>8&255,e[10]=this.h[5]>>>0&255,e[11]=this.h[5]>>>8&255,e[12]=this.h[6]>>>0&255,e[13]=this.h[6]>>>8&255,e[14]=this.h[7]>>>0&255,e[15]=this.h[7]>>>8&255,e}update(t,e=0,s=t.byteLength){if(this.leftover){let i=16-this.leftover;i>s&&(i=s);for(let s=0;s<i;s++)this.buffer[this.leftover+s]=t[e+s];if(s-=i,e+=i,this.leftover+=i,this.leftover<16)return;this.blocks(this.buffer,0,16),this.leftover=0}if(s>=16){const i=s-s%16;this.blocks(t,e,i),e+=i,s-=i}if(s){for(let i=0;i<s;i++)this.buffer[this.leftover+i]=t[e+i];this.leftover+=s}}},n.NAME="Poly1305",n.KEYBYTES=32,n.OUTBYTES=16,n.BLOCKLEN=16,n);var l=Object.freeze({__proto__:null,Poly1305:o});function c(t,e,s){return 0===function(t,e,s){let i=0;for(let h=0;h<s;h++)i|=t[h]^e[h];return(1&i-1>>>8)-1}(t,e,s)}function f(t,e){const s=Math.min(t.byteLength,e.byteLength),i=new Uint8Array(s);for(let h=0;h<s;h++)i[h]=t[h]^e[h];return i}function u(t,e){const s=new Uint8Array(t.byteLength+e.byteLength);return s.set(t,0),s.set(e,t.byteLength),s}const y=new Uint8Array(0);var p=Object.freeze({__proto__:null,EMPTY:y,append:u,equal:c,xor:f});const d=new Uint8Array(16);function m(t,e){const s=15&e;0!==s&&t.update(d,0,16-s)}function g(t,e,s,i,h,n){const a=new Uint8Array(o.KEYBYTES);r.stream_xor(e,s,a,a,0);const l=new o(a);void 0!==n&&(l.update(n,0,n.byteLength),m(l,n.byteLength)),l.update(i,0,h),m(l,h);const c=new Uint8Array(16),f=new DataView(c.buffer);void 0!==n&&f.setUint32(0,n.byteLength,!0),f.setUint32(8,h,!0),l.update(c,0,c.byteLength),l.final(t)}const K={NAME:"ChaChaPoly",KEYBYTES:32,NONCEBYTES:12,TAGBYTES:16,encrypt_detached(t,e,s,i,h,n,a){r.stream_xor(h,n,t,e,1,s),g(i,h,n,e,s,a)},encrypt:E,decrypt_detached(t,e,s,i,h,n,a){const o=new Uint8Array(this.TAGBYTES);g(o,h,n,e,s,a);const l=c(o,i,o.byteLength);return l&&r.stream_xor(h,n,e,t,1,s),l},decrypt:_};var b=Object.freeze({__proto__:null,ChaCha20Poly1305_RFC8439:K});class w extends Error{}function E(t,e,s,i){const h=new Uint8Array(t.byteLength+this.TAGBYTES);return this.encrypt_detached(t,h,t.byteLength,h.subarray(t.byteLength),e,s,i),h}function _(t,e,s,i){const h=new Uint8Array(t.byteLength-this.TAGBYTES);if(!this.decrypt_detached(h,t,h.byteLength,t.subarray(h.byteLength),e,s,i))throw new w("AEAD authentication failed");return h}const A=(()=>{var t="undefined"!=typeof self?self.crypto||self.msCrypto:null;if(t&&t.getRandomValues){const e=65536;return(s,i)=>{for(let h=0;h<i;h+=e)t.getRandomValues(s.subarray(h,h+Math.min(i-h,e)))}}if("undefined"!=typeof require&&(t=require("crypto"))&&t.randomBytes)return(e,s)=>e.set(t.randomBytes(s));throw new Error("No usable randomness source found")})();function M(t){const e=new Uint8Array(t);return A(e,t),e}function U(){return new Float64Array(16)}const v=new Uint8Array(32);v[0]=9;const N=U();function S(t){let e=1;for(let s=0;s<16;s++){const i=t[s]+e+65535;e=Math.floor(i/65536),t[s]=i-65536*e}t[0]+=e-1+37*(e-1)}function L(t,e,s){const i=~(s-1);for(let s=0;s<16;s++){const h=i&(t[s]^e[s]);t[s]^=h,e[s]^=h}}function k(t,e,s){for(let i=0;i<16;i++)t[i]=e[i]+s[i]}function x(t,e,s){for(let i=0;i<16;i++)t[i]=e[i]-s[i]}function T(t,e,s){let i=0,h=0,r=0,n=0,a=0,o=0,l=0,c=0,f=0,u=0,y=0,p=0,d=0,m=0,g=0,K=0,b=0,w=0,E=0,_=0,A=0,M=0,U=0,v=0,N=0,S=0,L=0,k=0,x=0,T=0,B=0;const P=s[0],O=s[1],C=s[2],H=s[3],X=s[4],Y=s[5],I=s[6],z=s[7],j=s[8],D=s[9],R=s[10],V=s[11],F=s[12],$=s[13],q=s[14],G=s[15];let W=e[0];i+=W*P,h+=W*O,r+=W*C,n+=W*H,a+=W*X,o+=W*Y,l+=W*I,c+=W*z,f+=W*j,u+=W*D,y+=W*R,p+=W*V,d+=W*F,m+=W*$,g+=W*q,K+=W*G,W=e[1],h+=W*P,r+=W*O,n+=W*C,a+=W*H,o+=W*X,l+=W*Y,c+=W*I,f+=W*z,u+=W*j,y+=W*D,p+=W*R,d+=W*V,m+=W*F,g+=W*$,K+=W*q,b+=W*G,W=e[2],r+=W*P,n+=W*O,a+=W*C,o+=W*H,l+=W*X,c+=W*Y,f+=W*I,u+=W*z,y+=W*j,p+=W*D,d+=W*R,m+=W*V,g+=W*F,K+=W*$,b+=W*q,w+=W*G,W=e[3],n+=W*P,a+=W*O,o+=W*C,l+=W*H,c+=W*X,f+=W*Y,u+=W*I,y+=W*z,p+=W*j,d+=W*D,m+=W*R,g+=W*V,K+=W*F,b+=W*$,w+=W*q,E+=W*G,W=e[4],a+=W*P,o+=W*O,l+=W*C,c+=W*H,f+=W*X,u+=W*Y,y+=W*I,p+=W*z,d+=W*j,m+=W*D,g+=W*R,K+=W*V,b+=W*F,w+=W*$,E+=W*q,_+=W*G,W=e[5],o+=W*P,l+=W*O,c+=W*C,f+=W*H,u+=W*X,y+=W*Y,p+=W*I,d+=W*z,m+=W*j,g+=W*D,K+=W*R,b+=W*V,w+=W*F,E+=W*$,_+=W*q,A+=W*G,W=e[6],l+=W*P,c+=W*O,f+=W*C,u+=W*H,y+=W*X,p+=W*Y,d+=W*I,m+=W*z,g+=W*j,K+=W*D,b+=W*R,w+=W*V,E+=W*F,_+=W*$,A+=W*q,M+=W*G,W=e[7],c+=W*P,f+=W*O,u+=W*C,y+=W*H,p+=W*X,d+=W*Y,m+=W*I,g+=W*z,K+=W*j,b+=W*D,w+=W*R,E+=W*V,_+=W*F,A+=W*$,M+=W*q,U+=W*G,W=e[8],f+=W*P,u+=W*O,y+=W*C,p+=W*H,d+=W*X,m+=W*Y,g+=W*I,K+=W*z,b+=W*j,w+=W*D,E+=W*R,_+=W*V,A+=W*F,M+=W*$,U+=W*q,v+=W*G,W=e[9],u+=W*P,y+=W*O,p+=W*C,d+=W*H,m+=W*X,g+=W*Y,K+=W*I,b+=W*z,w+=W*j,E+=W*D,_+=W*R,A+=W*V,M+=W*F,U+=W*$,v+=W*q,N+=W*G,W=e[10],y+=W*P,p+=W*O,d+=W*C,m+=W*H,g+=W*X,K+=W*Y,b+=W*I,w+=W*z,E+=W*j,_+=W*D,A+=W*R,M+=W*V,U+=W*F,v+=W*$,N+=W*q,S+=W*G,W=e[11],p+=W*P,d+=W*O,m+=W*C,g+=W*H,K+=W*X,b+=W*Y,w+=W*I,E+=W*z,_+=W*j,A+=W*D,M+=W*R,U+=W*V,v+=W*F,N+=W*$,S+=W*q,L+=W*G,W=e[12],d+=W*P,m+=W*O,g+=W*C,K+=W*H,b+=W*X,w+=W*Y,E+=W*I,_+=W*z,A+=W*j,M+=W*D,U+=W*R,v+=W*V,N+=W*F,S+=W*$,L+=W*q,k+=W*G,W=e[13],m+=W*P,g+=W*O,K+=W*C,b+=W*H,w+=W*X,E+=W*Y,_+=W*I,A+=W*z,M+=W*j,U+=W*D,v+=W*R,N+=W*V,S+=W*F,L+=W*$,k+=W*q,x+=W*G,W=e[14],g+=W*P,K+=W*O,b+=W*C,w+=W*H,E+=W*X,_+=W*Y,A+=W*I,M+=W*z,U+=W*j,v+=W*D,N+=W*R,S+=W*V,L+=W*F,k+=W*$,x+=W*q,T+=W*G,W=e[15],K+=W*P,b+=W*O,w+=W*C,E+=W*H,_+=W*X,A+=W*Y,M+=W*I,U+=W*z,v+=W*j,N+=W*D,S+=W*R,L+=W*V,k+=W*F,x+=W*$,T+=W*q,B+=W*G,i+=38*b,h+=38*w,r+=38*E,n+=38*_,a+=38*A,o+=38*M,l+=38*U,c+=38*v,f+=38*N,u+=38*S,y+=38*L,p+=38*k,d+=38*x,m+=38*T,g+=38*B;let Z=1;W=i+Z+65535,Z=Math.floor(W/65536),i=W-65536*Z,W=h+Z+65535,Z=Math.floor(W/65536),h=W-65536*Z,W=r+Z+65535,Z=Math.floor(W/65536),r=W-65536*Z,W=n+Z+65535,Z=Math.floor(W/65536),n=W-65536*Z,W=a+Z+65535,Z=Math.floor(W/65536),a=W-65536*Z,W=o+Z+65535,Z=Math.floor(W/65536),o=W-65536*Z,W=l+Z+65535,Z=Math.floor(W/65536),l=W-65536*Z,W=c+Z+65535,Z=Math.floor(W/65536),c=W-65536*Z,W=f+Z+65535,Z=Math.floor(W/65536),f=W-65536*Z,W=u+Z+65535,Z=Math.floor(W/65536),u=W-65536*Z,W=y+Z+65535,Z=Math.floor(W/65536),y=W-65536*Z,W=p+Z+65535,Z=Math.floor(W/65536),p=W-65536*Z,W=d+Z+65535,Z=Math.floor(W/65536),d=W-65536*Z,W=m+Z+65535,Z=Math.floor(W/65536),m=W-65536*Z,W=g+Z+65535,Z=Math.floor(W/65536),g=W-65536*Z,W=K+Z+65535,Z=Math.floor(W/65536),K=W-65536*Z,i+=Z-1+37*(Z-1),Z=1,W=i+Z+65535,Z=Math.floor(W/65536),i=W-65536*Z,W=h+Z+65535,Z=Math.floor(W/65536),h=W-65536*Z,W=r+Z+65535,Z=Math.floor(W/65536),r=W-65536*Z,W=n+Z+65535,Z=Math.floor(W/65536),n=W-65536*Z,W=a+Z+65535,Z=Math.floor(W/65536),a=W-65536*Z,W=o+Z+65535,Z=Math.floor(W/65536),o=W-65536*Z,W=l+Z+65535,Z=Math.floor(W/65536),l=W-65536*Z,W=c+Z+65535,Z=Math.floor(W/65536),c=W-65536*Z,W=f+Z+65535,Z=Math.floor(W/65536),f=W-65536*Z,W=u+Z+65535,Z=Math.floor(W/65536),u=W-65536*Z,W=y+Z+65535,Z=Math.floor(W/65536),y=W-65536*Z,W=p+Z+65535,Z=Math.floor(W/65536),p=W-65536*Z,W=d+Z+65535,Z=Math.floor(W/65536),d=W-65536*Z,W=m+Z+65535,Z=Math.floor(W/65536),m=W-65536*Z,W=g+Z+65535,Z=Math.floor(W/65536),g=W-65536*Z,W=K+Z+65535,Z=Math.floor(W/65536),K=W-65536*Z,i+=Z-1+37*(Z-1),t[0]=i,t[1]=h,t[2]=r,t[3]=n,t[4]=a,t[5]=o,t[6]=l,t[7]=c,t[8]=f,t[9]=u,t[10]=y,t[11]=p,t[12]=d,t[13]=m,t[14]=g,t[15]=K}function B(t,e){T(t,e,e)}function P(t,e,s){const i=new Uint8Array(32),h=new Float64Array(80),r=U(),n=U(),a=U(),o=U(),l=U(),c=U();for(let t=0;t<31;t++)i[t]=e[t];i[31]=127&e[31]|64,i[0]&=248,function(t,e){for(let s=0;s<16;s++)t[s]=e[2*s]+(e[2*s+1]<<8);t[15]&=32767}(h,s);for(let t=0;t<16;t++)n[t]=h[t],o[t]=r[t]=a[t]=0;r[0]=o[0]=1;for(let t=254;t>=0;--t){const e=i[t>>>3]>>>(7&t)&1;L(r,n,e),L(a,o,e),k(l,r,a),x(r,r,a),k(a,n,o),x(n,n,o),B(o,l),B(c,r),T(r,a,r),T(a,n,l),k(l,r,a),x(r,r,a),B(n,r),x(a,o,c),T(r,a,N),k(r,r,o),T(a,a,r),T(r,o,c),T(o,n,h),B(n,l),L(r,n,e),L(a,o,e)}for(let t=0;t<16;t++)h[t+16]=r[t],h[t+32]=a[t],h[t+48]=n[t],h[t+64]=o[t];const f=h.subarray(32),u=h.subarray(16);!function(t,e){const s=U();for(let t=0;t<16;t++)s[t]=e[t];for(let t=253;t>=0;t--)B(s,s),2!==t&&4!==t&&T(s,s,e);for(let e=0;e<16;e++)t[e]=s[e]}(f,f),T(u,u,f),function(t,e){const s=U(),i=U();for(let t=0;t<16;t++)i[t]=e[t];S(i),S(i),S(i);for(let t=0;t<2;t++){s[0]=i[0]-65517;for(let t=1;t<15;t++)s[t]=i[t]-65535-(s[t-1]>>16&1),s[t-1]&=65535;s[15]=i[15]-32767-(s[14]>>16&1);const t=s[15]>>16&1;s[14]&=65535,L(i,s,1-t)}for(let e=0;e<16;e++)t[2*e]=255&i[e],t[2*e+1]=i[e]>>8}(t,u)}function O(t,e){P(t,e,v)}function C(t,e){if(32!==t.length)throw new Error("bad n size");if(32!==e.length)throw new Error("bad p size");const s=new Uint8Array(32);return P(s,t,e),s}function H(t){if(32!==t.length)throw new Error("bad n size");const e=new Uint8Array(32);return O(e,t),e}N[0]=56129,N[1]=1,C.scalarLength=32,C.groupElementLength=32;var X=Object.freeze({__proto__:null,crypto_scalarmult:P,crypto_scalarmult_BYTES:32,crypto_scalarmult_SCALARBYTES:32,crypto_scalarmult_base:O,scalarMult:C,scalarMultBase:H});const Y={NAME:"25519",DHLEN:C.groupElementLength,generateKeypair(){const t=M(C.scalarLength);return{public:H(t),secret:t}},dh:(t,e)=>C(t.secret,e)};var I;function z(t,e){return t>>>e|t<<32-e}function j(t,e,s,i,h,r,n){t[e]=t[e]+t[s]+r,t[h]=z(t[h]^t[e],16),t[i]=t[i]+t[h],t[s]=z(t[s]^t[i],12),t[e]=t[e]+t[s]+n,t[h]=z(t[h]^t[e],8),t[i]=t[i]+t[h],t[s]=z(t[s]^t[i],7)}const D=Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]),R=Uint8Array.from([0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,14,10,4,8,9,15,13,6,1,12,0,2,11,7,5,3,11,8,12,0,5,2,15,13,10,14,3,6,7,1,9,4,7,9,3,1,13,12,11,14,2,6,5,10,4,0,15,8,9,0,5,7,2,4,10,15,14,1,11,12,6,8,3,13,2,12,6,10,0,11,8,3,4,13,7,5,15,14,1,9,12,5,1,15,14,13,4,10,0,7,6,3,9,2,8,11,13,11,7,14,12,1,3,9,5,0,15,4,8,6,2,10,6,15,14,9,11,3,0,8,12,2,13,7,1,4,10,5,10,2,8,4,7,6,1,5,15,11,9,14,3,12,13,0]);function V(t,e){return R[(t<<4)+e]}const F=(I=class t{static digest(e,s,i){const h=new t(s,i);return h.update(e),h.final()}constructor(e,s=t.OUTBYTES){var i;this.outlen=s,this.b=new Uint8Array(64),this.bv=new DataView(this.b.buffer),this.h=Uint32Array.from(D),this.t=new Uint32Array(2),this.c=0;const h=null!==(i=null==e?void 0:e.byteLength)&&void 0!==i?i:0;if(0==s||s>32||h>32)throw new Error("illegal BLAKE2s parameter length(s)");this.h[0]^=16842752^h<<8^s,e&&h>0&&(this.update(e),this.c=64)}update(t,e=0,s=t.byteLength){for(let i=e;i<e+s;i++)64==this.c&&(this.t[0]+=this.c,this.t[0]<this.c&&this.t[1]++,this.compress(!1),this.c=0),this.b[this.c++]=t[i]}final(t){for(this.t[0]+=this.c,this.t[0]<this.c&&this.t[1]++;this.c<64;)this.b[this.c++]=0;this.compress(!0),void 0===t&&(t=new Uint8Array(this.outlen));for(let e=0;e<this.outlen;e++)t[e]=this.h[e>>2]>>8*(3&e)&255;return t}compress(t){const e=new Uint32Array(16),s=new Uint32Array(16);for(let t=0;t<8;t++)e[t]=this.h[t],e[t+8]=D[t];e[12]^=this.t[0],e[13]^=this.t[1],t&&(e[14]=~e[14]);for(let t=0;t<16;t++)s[t]=this.bv.getUint32(t<<2,!0);for(let t=0;t<10;t++)j(e,0,4,8,12,s[V(t,0)],s[V(t,1)]),j(e,1,5,9,13,s[V(t,2)],s[V(t,3)]),j(e,2,6,10,14,s[V(t,4)],s[V(t,5)]),j(e,3,7,11,15,s[V(t,6)],s[V(t,7)]),j(e,0,5,10,15,s[V(t,8)],s[V(t,9)]),j(e,1,6,11,12,s[V(t,10)],s[V(t,11)]),j(e,2,7,8,13,s[V(t,12)],s[V(t,13)]),j(e,3,4,9,14,s[V(t,14)],s[V(t,15)]);for(let t=0;t<8;t++)this.h[t]^=e[t]^e[t+8]}},I.NAME="BLAKE2s",I.KEYBYTES=32,I.OUTBYTES=32,I.BLOCKLEN=64,I);var $=Object.freeze({__proto__:null,BLAKE2s:F});function q(t){return function(e,s,i){const h=t(e,s),r=t(h,Uint8Array.from([1])),n=t(h,u(r,Uint8Array.from([2])));switch(i){case 2:return[r,n];case 3:return[r,n,t(h,u(n,Uint8Array.from([3])))]}}}function G(t){const e=new Uint8Array(t.BLOCKLEN);e.fill(54);const s=new Uint8Array(t.BLOCKLEN);s.fill(92);const i=(i,h)=>{const r=i.byteLength>t.BLOCKLEN?t.digest(i):i,n=u(r,new Uint8Array(t.BLOCKLEN-r.byteLength));return t.digest(u(f(n,s),t.digest(u(f(n,e),h))))};return i.NAME="HMAC-"+t.NAME,i}function W(t,e){const s=new RegExp(`^Noise_([A-Za-z0-9+]+)_${t.dh.NAME}_${t.aead.NAME}_${t.hash.NAME}$`).exec(e);return null===s?null:s[1]}var Z=Object.freeze({__proto__:null,matchPattern:W});class J{constructor(t=0,e=0,s=0){this.lo=t,this.hi=e,this.extra=s}increment(){const t=this.lo,e=t+1|0;this.lo=e,e<t&&(this.hi=this.hi+1|0)}reset(t=0,e=0,s=0){this.lo=t,this.hi=e,this.extra=s}static get MAX(){return new J(4294967295,4294967295)}}function Q(t){return e=>new DataView(t.encrypt(new Uint8Array(32),e,J.MAX).buffer)}var tt=Object.freeze({__proto__:null,makeRekey:Q});class et{constructor(t,e){this.algorithms=t,this.view=null,this.nonce=new J,void 0!==e&&(this.view=new DataView(e.buffer))}encrypt(t,e){if(null===this.view)return t;const s=this.algorithms.aead.encrypt(t,this.view,this.nonce,e);return this.nonce.increment(),s}decrypt(t,e){if(null===this.view)return t;const s=this.algorithms.aead.decrypt(t,this.view,this.nonce,e);return this.nonce.increment(),s}rekey(){var t;null!==this.view&&(this.view=(null!==(t=this.algorithms.rekey)&&void 0!==t?t:Q(this.algorithms.aead))(this.view))}}var st=Object.freeze({__proto__:null,CipherState:et});const it={};function ht(t,e,s,i){const h={name:t,baseName:t,messages:e,initiatorPreMessage:s,responderPreMessage:i};it[h.name]=h}function rt(t){return 1===t.baseName.length}ht("I1K1",[["e","s"],["e","ee","es"],["se"]],[],["s"]),ht("I1K",[["e","es","s"],["e","ee"],["se"]],[],["s"]),ht("I1N",[["e","s"],["e","ee"],["se"]],[],[]),ht("I1X1",[["e","s"],["e","ee","s"],["se","es"]],[],[]),ht("I1X",[["e","s"],["e","ee","s","es"],["se"]],[],[]),ht("IK1",[["e","s"],["e","ee","se","es"]],[],["s"]),ht("IK",[["e","es","s","ss"],["e","ee","se"]],[],["s"]),ht("IN",[["e","s"],["e","ee","se"]],[],[]),ht("IX1",[["e","s"],["e","ee","se","s"],["es"]],[],[]),ht("IX",[["e","s"],["e","ee","se","s","es"]],[],[]),ht("K1K1",[["e"],["e","ee","es"],["se"]],["s"],["s"]),ht("K1K",[["e","es"],["e","ee"],["se"]],["s"],["s"]),ht("K1N",[["e"],["e","ee"],["se"]],["s"],[]),ht("K1X1",[["e"],["e","ee","s"],["se","es"]],["s"],[]),ht("K1X",[["e"],["e","ee","s","es"],["se"]],["s"],[]),ht("K",[["e","es","ss"]],["s"],["s"]),ht("KK1",[["e"],["e","ee","se","es"]],["s"],["s"]),ht("KK",[["e","es","ss"],["e","ee","se"]],["s"],["s"]),ht("KN",[["e"],["e","ee","se"]],["s"],[]),ht("KX1",[["e"],["e","ee","se","s"],["es"]],["s"],[]),ht("KX",[["e"],["e","ee","se","s","es"]],["s"],[]),ht("N",[["e","es"]],[],["s"]),ht("NK1",[["e"],["e","ee","es"]],[],["s"]),ht("NK",[["e","es"],["e","ee"]],[],["s"]),ht("NN",[["e"],["e","ee"]],[],[]),ht("NX1",[["e"],["e","ee","s"],["es"]],[],[]),ht("NX",[["e"],["e","ee","s","es"]],[],[]),ht("X1K1",[["e"],["e","ee","es"],["s"],["se"]],[],["s"]),ht("X1K",[["e","es"],["e","ee"],["s"],["se"]],[],["s"]),ht("X1N",[["e"],["e","ee"],["s"],["se"]],[],[]),ht("X1X1",[["e"],["e","ee","s"],["es","s"],["se"]],[],[]),ht("X1X",[["e"],["e","ee","s","es"],["s"],["se"]],[],[]),ht("X",[["e","es","s","ss"]],[],["s"]),ht("XK1",[["e"],["e","ee","es"],["s","se"]],[],["s"]),ht("XK",[["e","es"],["e","ee"],["s","se"]],[],["s"]),ht("XN",[["e"],["e","ee"],["s","se"]],[],[]),ht("XX1",[["e"],["e","ee","s"],["es","s","se"]],[],[]),ht("XX",[["e"],["e","ee","s","es"],["s","se"]],[],[]);const nt=/^([NKX]|[NKXI]1?[NKX]1?)([a-z][a-z0-9]*(\+[a-z][a-z0-9]*)*)?$/,at=/^psk([0-9]+)$/;function ot(t){var e,s,i;const h=nt.exec(t);if(null===h)return null;const r=null!==(s=null===(e=h[2])||void 0===e?void 0:e.split("+"))&&void 0!==s?s:[];let n=null!==(i=it[h[1]])&&void 0!==i?i:null;return n?(r.forEach((t=>n=n&&function(t,e){const s=at.exec(e);if(null===s)return null;const i=parseInt(s[1],10),h=t.messages;return Object.assign(Object.assign({},t),{messages:0===i?[["psk",...h[0]],...h.slice(1)]:[...h.slice(0,i-1),[...h[i-1],"psk"],...h.slice(i)]})}(n,t))),n&&Object.assign(Object.assign({},n),{name:t})):null}var lt=Object.freeze({__proto__:null,PATTERNS:it,isOneWay:rt,lookupPattern:ot});class ct{constructor(t,e,s,i={}){var h,r,n,a,o,l,c;if(this.algorithms=t,this.role=s,this.stepIndex=0,"string"==typeof e){const t=ot(e);if(null===t)throw new Error("Unknown Noise Protocol handshake pattern "+e);this.pattern=t}else this.pattern=e;this.staticKeypair=null!==(h=i.staticKeypair)&&void 0!==h?h:this.algorithms.dh.generateKeypair(),this.remoteStaticPublicKey=null!==(r=i.remoteStaticPublicKey)&&void 0!==r?r:null,this.ephemeralKeypair=null!==(n=i.pregeneratedEphemeralKeypair)&&void 0!==n?n:this.algorithms.dh.generateKeypair(),this.remoteEphemeralPublicKey=null!==(a=i.remotePregeneratedEphemeralPublicKey)&&void 0!==a?a:null,this.preSharedKeys=i.preSharedKeys,this.preSharedKeys&&(this.preSharedKeys=this.preSharedKeys.slice(),0===this.preSharedKeys.length&&(this.preSharedKeys=void 0));const f=(new TextEncoder).encode("Noise_"+this.pattern.name+"_"+this.algorithms.dh.NAME+"_"+this.algorithms.aead.NAME+"_"+this.algorithms.hash.NAME);this.cipherState=new et(this.algorithms);{const t=this.algorithms.hash.OUTBYTES,e=f.byteLength>t?this.algorithms.hash.digest(f):f;this.chainingKey=u(e,new Uint8Array(t-e.byteLength))}this.handshakeHash=this.chainingKey,this.mixHash(null!==(o=i.prologue)&&void 0!==o?o:y),this.pattern.initiatorPreMessage.forEach((t=>this.mixHash("e"===t?this.isInitiator?this.ephemeralKeypair.public:this.remoteEphemeralPublicKey:this.isInitiator?this.staticKeypair.public:this.remoteStaticPublicKey))),this.pattern.responderPreMessage.forEach((t=>this.mixHash("e"===t?this.isInitiator?this.remoteEphemeralPublicKey:this.ephemeralKeypair.public:this.isInitiator?this.remoteStaticPublicKey:this.staticKeypair.public))),this.hkdf=null!==(l=this.algorithms.hkdf)&&void 0!==l?l:q(null!==(c=this.algorithms.hmac)&&void 0!==c?c:G(this.algorithms.hash))}get isInitiator(){return"initiator"===this.role}mixHash(t){this.handshakeHash=this.algorithms.hash.digest(u(this.handshakeHash,t))}mixKey(t){const[e,s]=this.hkdf(this.chainingKey,t,2);this.chainingKey=e,this.cipherState=new et(this.algorithms,s)}mixKeyAndHashNextPSK(){const t=this.preSharedKeys.shift(),[e,s,i]=this.hkdf(this.chainingKey,t,3);this.chainingKey=e,this.mixHash(s),this.cipherState=new et(this.algorithms,i)}encryptAndHash(t){const e=this.cipherState.encrypt(t,this.handshakeHash);return this.mixHash(e),e}decryptAndHash(t){const e=this.cipherState.decrypt(t,this.handshakeHash);return this.mixHash(t),e}_split(){if(this.stepIndex<this.pattern.messages.length)return null;{let[t,e]=this.hkdf(this.chainingKey,y,2).map((t=>new et(this.algorithms,t)));return this.isInitiator?{send:t,recv:e}:{send:e,recv:t}}}_nextStep(){if(this.stepIndex>=this.pattern.messages.length)throw new Error("Handshake already complete, cannot continue");return this.pattern.messages[this.stepIndex++]}_processKeyMixToken(t){switch(t){case"ee":this.mixKey(this.algorithms.dh.dh(this.ephemeralKeypair,this.remoteEphemeralPublicKey));break;case"es":this.mixKey(this.isInitiator?this.algorithms.dh.dh(this.ephemeralKeypair,this.remoteStaticPublicKey):this.algorithms.dh.dh(this.staticKeypair,this.remoteEphemeralPublicKey));break;case"se":this.mixKey(this.isInitiator?this.algorithms.dh.dh(this.staticKeypair,this.remoteEphemeralPublicKey):this.algorithms.dh.dh(this.ephemeralKeypair,this.remoteStaticPublicKey));break;case"ss":this.mixKey(this.algorithms.dh.dh(this.staticKeypair,this.remoteStaticPublicKey));break;case"psk":this.mixKeyAndHashNextPSK()}}writeMessage(t){const e=[];let s;if(this._nextStep().forEach((t=>{switch(t){case"e":e.push(this.ephemeralKeypair.public),this.mixHash(this.ephemeralKeypair.public),this.preSharedKeys&&this.mixKey(this.ephemeralKeypair.public);break;case"s":e.push(this.encryptAndHash(this.staticKeypair.public));break;default:this._processKeyMixToken(t)}})),e.push(this.encryptAndHash(t)),1===e.length)s=e[0];else{s=new Uint8Array(e.reduce(((t,e)=>t+e.byteLength),0));let t=0;e.forEach((e=>{s.set(e,t),t+=e.byteLength}))}return{packet:s,finished:this._split()}}readMessage(t){const e=e=>{const s=t.slice(0,e);return t=t.subarray(e),s};this._nextStep().forEach((t=>{switch(t){case"e":this.remoteEphemeralPublicKey=e(this.algorithms.dh.DHLEN),this.mixHash(this.remoteEphemeralPublicKey),this.preSharedKeys&&this.mixKey(this.remoteEphemeralPublicKey);break;case"s":this.remoteStaticPublicKey=this.decryptAndHash(e(this.algorithms.dh.DHLEN+(this.cipherState.view?16:0)));break;default:this._processKeyMixToken(t)}}));return{message:this.decryptAndHash(t),finished:this._split()}}async completeHandshake(t,e,s=(async t=>{}),i=(async()=>new Uint8Array(0))){const h=async()=>{const{packet:e,finished:s}=this.writeMessage(await i());return await t(e),s||r()},r=async()=>{const{message:t,finished:i}=this.readMessage(await e());return await s(t),i||h()};return this.isInitiator?h():r()}}const ft={dh:Y,aead:K,hash:F};const ut={aead:{chacha20poly1305:b},cipher:{chacha20:a},dh:{x25519:X},hash:{blake2s:$,poly1305:l},noise:{algorithms:Z,cipherstate:st,handshake:Object.freeze({__proto__:null,Handshake:ct}),patterns:lt,profiles:Object.freeze({__proto__:null,Noise_25519_ChaChaPoly_BLAKE2s:ft}),rekey:tt}};t.AuthenticationFailure=w,t.BLAKE2s=F,t.Bytes=p,t.ChaCha20=r,t.ChaCha20Poly1305_RFC8439=K,t.CipherState=et,t.Handshake=ct,t.INTERNALS=ut,t.Noise_25519_ChaChaPoly_BLAKE2s=ft,t.Nonce=J,t.PATTERNS=it,t.Poly1305=o,t.X25519=Y,t._decrypt=_,t._encrypt=E,t._randomBytes=A,t.isOneWay=rt,t.lookupPattern=ot,t.makeHKDF=q,t.makeHMAC=G,t.matchPattern=W,t.randomBytes=M})); |
| { | ||
| "name": "salty-crypto", | ||
| "version": "0.1.1", | ||
| "version": "0.1.2", | ||
| "description": "Noise Protocol Framework, plus X25519/ChaCha20Poly1305/BLAKE2s code, for browser and node.js", | ||
@@ -5,0 +5,0 @@ "author": "Tony Garnock-Jones <tonyg@leastfixedpoint.com>", |
@@ -9,2 +9,33 @@ # salty-crypto | ||
| ## Example | ||
| The noise protocol needs some way to transport encrypted packets back and forth. This could be | ||
| a TCP/IP socket, a WebSocket, or something similar. Let's represent this transport as a pair of | ||
| functions: | ||
| ```typescript | ||
| async function writePacket(packet: Uint8Array): Promise<void>; | ||
| async function readPacket(): Promise<Uint8Array>; | ||
| ``` | ||
| Then, on the initiating ("connecting") side, | ||
| ```typescript | ||
| import { Handshake, Noise_25519_ChaChaPoly_BLAKE2s } from 'salty-crypto'; | ||
| const I = new Handshake(Noise_25519_ChaChaPoly_BLAKE2s, 'NX', 'initiator'); | ||
| const { send, recv } = await I.completeHandshake(writePacket, readPacket); | ||
| ... | ||
| await writePacket(send.encrypt(message)); | ||
| ... | ||
| const message = recv.decrypt(await readPacket()); | ||
| ... | ||
| ``` | ||
| On the responding ("listening") side, the code is exactly the same, except with `'responder'` | ||
| instead of `'initiator'`. | ||
| If you want to check the peer's static (~identity) key, access the `remoteStaticPublicKey` | ||
| field of the `Handshake` object. To supply a long-lived identity keypair when handshaking, pass | ||
| in a `HandshakeOptions` structure with a `staticKeypair` member to the `Handshake` constructor. | ||
| ## Status | ||
@@ -11,0 +42,0 @@ |
@@ -9,3 +9,3 @@ /// SPDX-License-Identifier: MIT | ||
| import { CipherState } from './cipherstate'; | ||
| import { HandshakePattern, KeyMixToken, Token } from './patterns'; | ||
| import { HandshakePattern, KeyMixToken, lookupPattern, Token } from './patterns'; | ||
| import { HKDF, makeHKDF } from '../hkdf'; | ||
@@ -38,8 +38,17 @@ import { makeHMAC } from '../hmac'; | ||
| hkdf: HKDF; | ||
| pattern: HandshakePattern; | ||
| constructor (public algorithms: Algorithms, | ||
| public pattern: HandshakePattern, | ||
| pattern: HandshakePattern | string, | ||
| public role: Role, | ||
| options: HandshakeOptions = {}) | ||
| { | ||
| if (typeof pattern === 'string') { | ||
| const p = lookupPattern(pattern); | ||
| if (p === null) throw new Error("Unknown Noise Protocol handshake pattern " + pattern); | ||
| this.pattern = p; | ||
| } else { | ||
| this.pattern = pattern; | ||
| } | ||
| this.staticKeypair = options.staticKeypair ?? this.algorithms.dh.generateKeypair(); | ||
@@ -46,0 +55,0 @@ this.remoteStaticPublicKey = options.remoteStaticPublicKey ?? null; |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.09%
1727573
- Lines of code
- increased by0.3%
2710
- Number of lines in readme file
- increased by41.33%
106
No dependency changes