@better-update/cli 0.33.0 → 0.33.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.mjs +400 -1186
- package/dist/index.mjs.map +1 -1
- package/package.json +4 -4
package/dist/index.mjs
CHANGED
|
@@ -34,7 +34,7 @@ var __require = /* @__PURE__ */ createRequire(import.meta.url);
|
|
|
34
34
|
|
|
35
35
|
//#endregion
|
|
36
36
|
//#region package.json
|
|
37
|
-
var version = "0.33.
|
|
37
|
+
var version = "0.33.1";
|
|
38
38
|
|
|
39
39
|
//#endregion
|
|
40
40
|
//#region src/lib/interactive-mode.ts
|
|
@@ -925,7 +925,7 @@ var AuditLog = class extends Schema.Class("AuditLog")({
|
|
|
925
925
|
//#region ../../packages/api/src/groups/audit-logs.ts
|
|
926
926
|
var AuditLogsGroup = class extends HttpApiGroup.make("audit-logs").add(HttpApiEndpoint.get("list", "/api/audit-logs").setUrlParams(Schema.Struct({
|
|
927
927
|
projectId: Schema.optional(Schema.String),
|
|
928
|
-
resourceType: Schema.optional(
|
|
928
|
+
resourceType: Schema.optional(AuditLogResourceType),
|
|
929
929
|
from: Schema.optional(Schema.String),
|
|
930
930
|
to: Schema.optional(Schema.String),
|
|
931
931
|
...CursorPaginationParams.fields
|
|
@@ -5316,7 +5316,7 @@ const findAndroidArtifact = ({ projectRoot, format, flavor, buildType, minMtimeM
|
|
|
5316
5316
|
* isBytes(new Uint8Array());
|
|
5317
5317
|
* ```
|
|
5318
5318
|
*/
|
|
5319
|
-
function isBytes$
|
|
5319
|
+
function isBytes$4(a) {
|
|
5320
5320
|
return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array" && "BYTES_PER_ELEMENT" in a && a.BYTES_PER_ELEMENT === 1;
|
|
5321
5321
|
}
|
|
5322
5322
|
/**
|
|
@@ -5330,7 +5330,7 @@ function isBytes$5(a) {
|
|
|
5330
5330
|
* abool(true);
|
|
5331
5331
|
* ```
|
|
5332
5332
|
*/
|
|
5333
|
-
function abool$
|
|
5333
|
+
function abool$2(b) {
|
|
5334
5334
|
if (typeof b !== "boolean") throw new TypeError(`boolean expected, not ${b}`);
|
|
5335
5335
|
}
|
|
5336
5336
|
/**
|
|
@@ -5345,7 +5345,7 @@ function abool$3(b) {
|
|
|
5345
5345
|
* anumber(1);
|
|
5346
5346
|
* ```
|
|
5347
5347
|
*/
|
|
5348
|
-
function anumber$
|
|
5348
|
+
function anumber$4(n) {
|
|
5349
5349
|
if (typeof n !== "number") throw new TypeError("number expected, got " + typeof n);
|
|
5350
5350
|
if (!Number.isSafeInteger(n) || n < 0) throw new RangeError("positive integer expected, got " + n);
|
|
5351
5351
|
}
|
|
@@ -5365,8 +5365,8 @@ function anumber$5(n) {
|
|
|
5365
5365
|
* abytes(new Uint8Array([1, 2]), 2);
|
|
5366
5366
|
* ```
|
|
5367
5367
|
*/
|
|
5368
|
-
function abytes$
|
|
5369
|
-
const bytes = isBytes$
|
|
5368
|
+
function abytes$4(value, length, title = "") {
|
|
5369
|
+
const bytes = isBytes$4(value);
|
|
5370
5370
|
const len = value?.length;
|
|
5371
5371
|
const needsLen = length !== void 0;
|
|
5372
5372
|
if (!bytes || needsLen && len !== length) {
|
|
@@ -5392,7 +5392,7 @@ function abytes$5(value, length, title = "") {
|
|
|
5392
5392
|
* aexists({ destroyed: false, finished: false });
|
|
5393
5393
|
* ```
|
|
5394
5394
|
*/
|
|
5395
|
-
function aexists$
|
|
5395
|
+
function aexists$2(instance, checkFinished = true) {
|
|
5396
5396
|
if (instance.destroyed) throw new Error("Hash instance has been destroyed");
|
|
5397
5397
|
if (checkFinished && instance.finished) throw new Error("Hash#digest() has already been called");
|
|
5398
5398
|
}
|
|
@@ -5413,11 +5413,11 @@ function aexists$3(instance, checkFinished = true) {
|
|
|
5413
5413
|
* aoutput(new Uint8Array(16), { outputLen: 16 });
|
|
5414
5414
|
* ```
|
|
5415
5415
|
*/
|
|
5416
|
-
function aoutput$
|
|
5417
|
-
abytes$
|
|
5416
|
+
function aoutput$2(out, instance, onlyAligned = false) {
|
|
5417
|
+
abytes$4(out, void 0, "output");
|
|
5418
5418
|
const min = instance.outputLen;
|
|
5419
5419
|
if (out.length < min) throw new RangeError("digestInto() expects output buffer of length at least " + min);
|
|
5420
|
-
if (onlyAligned && !isAligned32
|
|
5420
|
+
if (onlyAligned && !isAligned32(out)) throw new Error("invalid output, must be aligned");
|
|
5421
5421
|
}
|
|
5422
5422
|
/**
|
|
5423
5423
|
* Casts a typed-array view to Uint32Array.
|
|
@@ -5431,7 +5431,7 @@ function aoutput$3(out, instance, onlyAligned = false) {
|
|
|
5431
5431
|
* u32(new Uint8Array(4));
|
|
5432
5432
|
* ```
|
|
5433
5433
|
*/
|
|
5434
|
-
function u32$
|
|
5434
|
+
function u32$2(arr) {
|
|
5435
5435
|
return new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));
|
|
5436
5436
|
}
|
|
5437
5437
|
/**
|
|
@@ -5446,7 +5446,7 @@ function u32$3(arr) {
|
|
|
5446
5446
|
* clean(bytes);
|
|
5447
5447
|
* ```
|
|
5448
5448
|
*/
|
|
5449
|
-
function clean$
|
|
5449
|
+
function clean$2(...arrays) {
|
|
5450
5450
|
for (let i = 0; i < arrays.length; i++) arrays[i].fill(0);
|
|
5451
5451
|
}
|
|
5452
5452
|
/**
|
|
@@ -5460,14 +5460,14 @@ function clean$3(...arrays) {
|
|
|
5460
5460
|
* createView(new Uint8Array(4));
|
|
5461
5461
|
* ```
|
|
5462
5462
|
*/
|
|
5463
|
-
function createView$
|
|
5463
|
+
function createView$2(arr) {
|
|
5464
5464
|
return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
|
|
5465
5465
|
}
|
|
5466
5466
|
/**
|
|
5467
5467
|
* Whether the current platform is little-endian.
|
|
5468
5468
|
* Most are; some IBM systems are not.
|
|
5469
5469
|
*/
|
|
5470
|
-
const isLE$
|
|
5470
|
+
const isLE$2 = /* @__PURE__ */ (() => new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68)();
|
|
5471
5471
|
/**
|
|
5472
5472
|
* Reverses byte order of one 32-bit word.
|
|
5473
5473
|
* @param word - Unsigned 32-bit word to swap.
|
|
@@ -5491,7 +5491,7 @@ const byteSwap$2 = (word) => word << 24 & 4278190080 | word << 8 & 16711680 | wo
|
|
|
5491
5491
|
* swap8IfBE(0x11223344);
|
|
5492
5492
|
* ```
|
|
5493
5493
|
*/
|
|
5494
|
-
const swap8IfBE$1 = isLE$
|
|
5494
|
+
const swap8IfBE$1 = isLE$2 ? (n) => n : (n) => byteSwap$2(n) >>> 0;
|
|
5495
5495
|
/**
|
|
5496
5496
|
* Byte-swaps every word of a Uint32Array in place.
|
|
5497
5497
|
* @param arr - Uint32Array whose words should be swapped.
|
|
@@ -5518,7 +5518,7 @@ const byteSwap32$2 = (arr) => {
|
|
|
5518
5518
|
* swap32IfBE(new Uint32Array([0x11223344]));
|
|
5519
5519
|
* ```
|
|
5520
5520
|
*/
|
|
5521
|
-
const swap32IfBE$2 = isLE$
|
|
5521
|
+
const swap32IfBE$2 = isLE$2 ? (u) => u : byteSwap32$2;
|
|
5522
5522
|
/**
|
|
5523
5523
|
* Checks if two U8A use same underlying buffer and overlaps.
|
|
5524
5524
|
* This is invalid and can corrupt data.
|
|
@@ -5552,7 +5552,7 @@ function concatBytes$3(...arrays) {
|
|
|
5552
5552
|
let sum = 0;
|
|
5553
5553
|
for (let i = 0; i < arrays.length; i++) {
|
|
5554
5554
|
const a = arrays[i];
|
|
5555
|
-
abytes$
|
|
5555
|
+
abytes$4(a);
|
|
5556
5556
|
sum += a.length;
|
|
5557
5557
|
}
|
|
5558
5558
|
const res = new Uint8Array(sum);
|
|
@@ -5577,7 +5577,7 @@ function concatBytes$3(...arrays) {
|
|
|
5577
5577
|
* checkOpts({ rounds: 20 }, { rounds: 8 });
|
|
5578
5578
|
* ```
|
|
5579
5579
|
*/
|
|
5580
|
-
function checkOpts$
|
|
5580
|
+
function checkOpts$1(defaults, opts) {
|
|
5581
5581
|
if (opts == null || typeof opts !== "object") throw new Error("options must be defined");
|
|
5582
5582
|
return Object.assign(defaults, opts);
|
|
5583
5583
|
}
|
|
@@ -5593,7 +5593,7 @@ function checkOpts$2(defaults, opts) {
|
|
|
5593
5593
|
* equalBytes(new Uint8Array([1]), new Uint8Array([1]));
|
|
5594
5594
|
* ```
|
|
5595
5595
|
*/
|
|
5596
|
-
function equalBytes$
|
|
5596
|
+
function equalBytes$2(a, b) {
|
|
5597
5597
|
if (a.length !== b.length) return false;
|
|
5598
5598
|
let diff = 0;
|
|
5599
5599
|
for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
|
|
@@ -5629,20 +5629,20 @@ function wrapMacConstructor(keyLen, macCons, fromMsg) {
|
|
|
5629
5629
|
* @param constructor - Cipher constructor.
|
|
5630
5630
|
* @returns Wrapped constructor with validation.
|
|
5631
5631
|
*/
|
|
5632
|
-
const wrapCipher
|
|
5632
|
+
const wrapCipher = (params, constructor) => {
|
|
5633
5633
|
function wrappedCipher(key, ...args) {
|
|
5634
|
-
abytes$
|
|
5634
|
+
abytes$4(key, void 0, "key");
|
|
5635
5635
|
if (params.nonceLength !== void 0) {
|
|
5636
5636
|
const nonce = args[0];
|
|
5637
|
-
abytes$
|
|
5637
|
+
abytes$4(nonce, params.varSizeNonce ? void 0 : params.nonceLength, "nonce");
|
|
5638
5638
|
}
|
|
5639
5639
|
const tagl = params.tagLength;
|
|
5640
|
-
if (tagl && args[1] !== void 0) abytes$
|
|
5640
|
+
if (tagl && args[1] !== void 0) abytes$4(args[1], void 0, "AAD");
|
|
5641
5641
|
const cipher = constructor(key, ...args);
|
|
5642
5642
|
const checkOutput = (fnLength, output) => {
|
|
5643
5643
|
if (output !== void 0) {
|
|
5644
5644
|
if (fnLength !== 2) throw new Error("cipher output not supported");
|
|
5645
|
-
abytes$
|
|
5645
|
+
abytes$4(output, void 0, "output");
|
|
5646
5646
|
}
|
|
5647
5647
|
};
|
|
5648
5648
|
let called = false;
|
|
@@ -5650,12 +5650,12 @@ const wrapCipher$1 = (params, constructor) => {
|
|
|
5650
5650
|
encrypt(data, output) {
|
|
5651
5651
|
if (called) throw new Error("cannot encrypt() twice with same key + nonce");
|
|
5652
5652
|
called = true;
|
|
5653
|
-
abytes$
|
|
5653
|
+
abytes$4(data);
|
|
5654
5654
|
checkOutput(cipher.encrypt.length, output);
|
|
5655
5655
|
return cipher.encrypt(data, output);
|
|
5656
5656
|
},
|
|
5657
5657
|
decrypt(data, output) {
|
|
5658
|
-
abytes$
|
|
5658
|
+
abytes$4(data);
|
|
5659
5659
|
if (tagl && data.length < tagl) throw new Error("\"ciphertext\" expected length bigger than tagLength=" + tagl);
|
|
5660
5660
|
checkOutput(cipher.decrypt.length, output);
|
|
5661
5661
|
return cipher.decrypt(data, output);
|
|
@@ -5681,11 +5681,11 @@ const wrapCipher$1 = (params, constructor) => {
|
|
|
5681
5681
|
* getOutput(16, new Uint8Array(16));
|
|
5682
5682
|
* ```
|
|
5683
5683
|
*/
|
|
5684
|
-
function getOutput
|
|
5684
|
+
function getOutput(expectedLength, out, onlyAligned = true) {
|
|
5685
5685
|
if (out === void 0) return new Uint8Array(expectedLength);
|
|
5686
|
-
abytes$
|
|
5686
|
+
abytes$4(out, void 0, "output");
|
|
5687
5687
|
if (out.length !== expectedLength) throw new Error("\"output\" expected Uint8Array of length " + expectedLength + ", got: " + out.length);
|
|
5688
|
-
if (onlyAligned && !isAligned32
|
|
5688
|
+
if (onlyAligned && !isAligned32(out)) throw new Error("invalid output, must be aligned");
|
|
5689
5689
|
return out;
|
|
5690
5690
|
}
|
|
5691
5691
|
/**
|
|
@@ -5705,12 +5705,12 @@ function getOutput$1(expectedLength, out, onlyAligned = true) {
|
|
|
5705
5705
|
* u64Lengths(16, 8, true);
|
|
5706
5706
|
* ```
|
|
5707
5707
|
*/
|
|
5708
|
-
function u64Lengths
|
|
5709
|
-
anumber$
|
|
5710
|
-
anumber$
|
|
5711
|
-
abool$
|
|
5708
|
+
function u64Lengths(dataLength, aadLength, isLE) {
|
|
5709
|
+
anumber$4(dataLength);
|
|
5710
|
+
anumber$4(aadLength);
|
|
5711
|
+
abool$2(isLE);
|
|
5712
5712
|
const num = new Uint8Array(16);
|
|
5713
|
-
const view = createView$
|
|
5713
|
+
const view = createView$2(num);
|
|
5714
5714
|
view.setBigUint64(0, BigInt(aadLength), isLE);
|
|
5715
5715
|
view.setBigUint64(8, BigInt(dataLength), isLE);
|
|
5716
5716
|
return num;
|
|
@@ -5726,7 +5726,7 @@ function u64Lengths$1(dataLength, aadLength, isLE) {
|
|
|
5726
5726
|
* isAligned32(new Uint8Array(4));
|
|
5727
5727
|
* ```
|
|
5728
5728
|
*/
|
|
5729
|
-
function isAligned32
|
|
5729
|
+
function isAligned32(bytes) {
|
|
5730
5730
|
return bytes.byteOffset % 4 === 0;
|
|
5731
5731
|
}
|
|
5732
5732
|
/**
|
|
@@ -5741,8 +5741,8 @@ function isAligned32$2(bytes) {
|
|
|
5741
5741
|
* copyBytes(new Uint8Array([1, 2]));
|
|
5742
5742
|
* ```
|
|
5743
5743
|
*/
|
|
5744
|
-
function copyBytes$
|
|
5745
|
-
return Uint8Array.from(abytes$
|
|
5744
|
+
function copyBytes$3(bytes) {
|
|
5745
|
+
return Uint8Array.from(abytes$4(bytes));
|
|
5746
5746
|
}
|
|
5747
5747
|
/**
|
|
5748
5748
|
* Cryptographically secure PRNG.
|
|
@@ -5762,7 +5762,7 @@ function copyBytes$4(bytes) {
|
|
|
5762
5762
|
* ```
|
|
5763
5763
|
*/
|
|
5764
5764
|
function randomBytes$5(bytesLength = 32) {
|
|
5765
|
-
anumber$
|
|
5765
|
+
anumber$4(bytesLength);
|
|
5766
5766
|
const cr = typeof globalThis === "object" ? globalThis.crypto : null;
|
|
5767
5767
|
if (typeof cr?.getRandomValues !== "function") throw new Error("crypto.getRandomValues must be defined");
|
|
5768
5768
|
return cr.getRandomValues(new Uint8Array(bytesLength));
|
|
@@ -5799,7 +5799,7 @@ function randomBytes$5(bytesLength = 32) {
|
|
|
5799
5799
|
*/
|
|
5800
5800
|
function managedNonce(fn, randomBytes_ = randomBytes$5) {
|
|
5801
5801
|
const { nonceLength } = fn;
|
|
5802
|
-
anumber$
|
|
5802
|
+
anumber$4(nonceLength);
|
|
5803
5803
|
const addNonce = (nonce, ciphertext, plaintext) => {
|
|
5804
5804
|
const out = concatBytes$3(nonce, ciphertext);
|
|
5805
5805
|
if (!overlapBytes(plaintext, ciphertext)) ciphertext.fill(0);
|
|
@@ -5807,14 +5807,14 @@ function managedNonce(fn, randomBytes_ = randomBytes$5) {
|
|
|
5807
5807
|
};
|
|
5808
5808
|
const res = ((key, ...args) => ({
|
|
5809
5809
|
encrypt(plaintext) {
|
|
5810
|
-
abytes$
|
|
5810
|
+
abytes$4(plaintext);
|
|
5811
5811
|
const nonce = randomBytes_(nonceLength);
|
|
5812
5812
|
const encrypted = fn(key, nonce, ...args).encrypt(plaintext);
|
|
5813
5813
|
if (encrypted instanceof Promise) return encrypted.then((ct) => addNonce(nonce, ct, plaintext));
|
|
5814
5814
|
return addNonce(nonce, encrypted, plaintext);
|
|
5815
5815
|
},
|
|
5816
5816
|
decrypt(ciphertext) {
|
|
5817
|
-
abytes$
|
|
5817
|
+
abytes$4(ciphertext);
|
|
5818
5818
|
const nonce = ciphertext.subarray(0, nonceLength);
|
|
5819
5819
|
const decrypted = ciphertext.subarray(nonceLength);
|
|
5820
5820
|
return fn(key, nonce, ...args).decrypt(decrypted);
|
|
@@ -5867,9 +5867,9 @@ See {@link https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha#appendi
|
|
|
5867
5867
|
|
|
5868
5868
|
* @module
|
|
5869
5869
|
*/
|
|
5870
|
-
const encodeStr
|
|
5871
|
-
const sigma16_32
|
|
5872
|
-
const sigma32_32
|
|
5870
|
+
const encodeStr = (str) => Uint8Array.from(str.split(""), (c) => c.charCodeAt(0));
|
|
5871
|
+
const sigma16_32 = /* @__PURE__ */ (() => swap32IfBE$2(u32$2(encodeStr("expand 16-byte k"))))();
|
|
5872
|
+
const sigma32_32 = /* @__PURE__ */ (() => swap32IfBE$2(u32$2(encodeStr("expand 32-byte k"))))();
|
|
5873
5873
|
/**
|
|
5874
5874
|
* Rotates a 32-bit word left.
|
|
5875
5875
|
* @param a - Input word.
|
|
@@ -5881,26 +5881,26 @@ const sigma32_32$1 = /* @__PURE__ */ (() => swap32IfBE$2(u32$3(encodeStr$1("expa
|
|
|
5881
5881
|
* rotl(0x12345678, 8);
|
|
5882
5882
|
* ```
|
|
5883
5883
|
*/
|
|
5884
|
-
function rotl$
|
|
5884
|
+
function rotl$1(a, b) {
|
|
5885
5885
|
return a << b | a >>> 32 - b;
|
|
5886
5886
|
}
|
|
5887
|
-
const BLOCK_LEN
|
|
5888
|
-
const BLOCK_LEN32
|
|
5889
|
-
const MAX_COUNTER
|
|
5890
|
-
const U32_EMPTY
|
|
5891
|
-
function runCipher
|
|
5887
|
+
const BLOCK_LEN = 64;
|
|
5888
|
+
const BLOCK_LEN32 = 16;
|
|
5889
|
+
const MAX_COUNTER = /* @__PURE__ */ (() => 2 ** 32 - 1)();
|
|
5890
|
+
const U32_EMPTY = /* @__PURE__ */ Uint32Array.of();
|
|
5891
|
+
function runCipher(core, sigma, key, nonce, data, output, counter, rounds) {
|
|
5892
5892
|
const len = data.length;
|
|
5893
|
-
const block = new Uint8Array(BLOCK_LEN
|
|
5894
|
-
const b32 = u32$
|
|
5895
|
-
const isAligned = isLE$
|
|
5896
|
-
const d32 = isAligned ? u32$
|
|
5897
|
-
const o32 = isAligned ? u32$
|
|
5898
|
-
if (!isLE$
|
|
5893
|
+
const block = new Uint8Array(BLOCK_LEN);
|
|
5894
|
+
const b32 = u32$2(block);
|
|
5895
|
+
const isAligned = isLE$2 && isAligned32(data) && isAligned32(output);
|
|
5896
|
+
const d32 = isAligned ? u32$2(data) : U32_EMPTY;
|
|
5897
|
+
const o32 = isAligned ? u32$2(output) : U32_EMPTY;
|
|
5898
|
+
if (!isLE$2) {
|
|
5899
5899
|
for (let pos = 0; pos < len; counter++) {
|
|
5900
5900
|
core(sigma, key, nonce, b32, counter, rounds);
|
|
5901
5901
|
swap32IfBE$2(b32);
|
|
5902
|
-
if (counter >= MAX_COUNTER
|
|
5903
|
-
const take = Math.min(BLOCK_LEN
|
|
5902
|
+
if (counter >= MAX_COUNTER) throw new Error("arx: counter overflow");
|
|
5903
|
+
const take = Math.min(BLOCK_LEN, len - pos);
|
|
5904
5904
|
for (let j = 0, posj; j < take; j++) {
|
|
5905
5905
|
posj = pos + j;
|
|
5906
5906
|
output[posj] = data[posj] ^ block[j];
|
|
@@ -5911,16 +5911,16 @@ function runCipher$1(core, sigma, key, nonce, data, output, counter, rounds) {
|
|
|
5911
5911
|
}
|
|
5912
5912
|
for (let pos = 0; pos < len; counter++) {
|
|
5913
5913
|
core(sigma, key, nonce, b32, counter, rounds);
|
|
5914
|
-
if (counter >= MAX_COUNTER
|
|
5915
|
-
const take = Math.min(BLOCK_LEN
|
|
5916
|
-
if (isAligned && take === BLOCK_LEN
|
|
5914
|
+
if (counter >= MAX_COUNTER) throw new Error("arx: counter overflow");
|
|
5915
|
+
const take = Math.min(BLOCK_LEN, len - pos);
|
|
5916
|
+
if (isAligned && take === BLOCK_LEN) {
|
|
5917
5917
|
const pos32 = pos / 4;
|
|
5918
5918
|
if (pos % 4 !== 0) throw new Error("arx: invalid block position");
|
|
5919
|
-
for (let j = 0, posj; j < BLOCK_LEN32
|
|
5919
|
+
for (let j = 0, posj; j < BLOCK_LEN32; j++) {
|
|
5920
5920
|
posj = pos32 + j;
|
|
5921
5921
|
o32[posj] = d32[posj] ^ b32[j];
|
|
5922
5922
|
}
|
|
5923
|
-
pos += BLOCK_LEN
|
|
5923
|
+
pos += BLOCK_LEN;
|
|
5924
5924
|
continue;
|
|
5925
5925
|
}
|
|
5926
5926
|
for (let j = 0, posj; j < take; j++) {
|
|
@@ -5938,57 +5938,57 @@ function runCipher$1(core, sigma, key, nonce, data, output, counter, rounds) {
|
|
|
5938
5938
|
* @returns Stream cipher function over byte arrays.
|
|
5939
5939
|
* @throws If the core callback, key size, counter, or output sizing is invalid. {@link Error}
|
|
5940
5940
|
*/
|
|
5941
|
-
function createCipher
|
|
5942
|
-
const { allowShortKeys, extendNonceFn, counterLength, counterRight, rounds } = checkOpts$
|
|
5941
|
+
function createCipher(core, opts) {
|
|
5942
|
+
const { allowShortKeys, extendNonceFn, counterLength, counterRight, rounds } = checkOpts$1({
|
|
5943
5943
|
allowShortKeys: false,
|
|
5944
5944
|
counterLength: 8,
|
|
5945
5945
|
counterRight: false,
|
|
5946
5946
|
rounds: 20
|
|
5947
5947
|
}, opts);
|
|
5948
5948
|
if (typeof core !== "function") throw new Error("core must be a function");
|
|
5949
|
-
anumber$
|
|
5950
|
-
anumber$
|
|
5951
|
-
abool$
|
|
5952
|
-
abool$
|
|
5949
|
+
anumber$4(counterLength);
|
|
5950
|
+
anumber$4(rounds);
|
|
5951
|
+
abool$2(counterRight);
|
|
5952
|
+
abool$2(allowShortKeys);
|
|
5953
5953
|
return (key, nonce, data, output, counter = 0) => {
|
|
5954
|
-
abytes$
|
|
5955
|
-
abytes$
|
|
5956
|
-
abytes$
|
|
5954
|
+
abytes$4(key, void 0, "key");
|
|
5955
|
+
abytes$4(nonce, void 0, "nonce");
|
|
5956
|
+
abytes$4(data, void 0, "data");
|
|
5957
5957
|
const len = data.length;
|
|
5958
|
-
output = getOutput
|
|
5959
|
-
anumber$
|
|
5960
|
-
if (counter < 0 || counter >= MAX_COUNTER
|
|
5958
|
+
output = getOutput(len, output, false);
|
|
5959
|
+
anumber$4(counter);
|
|
5960
|
+
if (counter < 0 || counter >= MAX_COUNTER) throw new Error("arx: counter overflow");
|
|
5961
5961
|
const toClean = [];
|
|
5962
5962
|
let l = key.length;
|
|
5963
5963
|
let k;
|
|
5964
5964
|
let sigma;
|
|
5965
5965
|
if (l === 32) {
|
|
5966
|
-
toClean.push(k = copyBytes$
|
|
5967
|
-
sigma = sigma32_32
|
|
5966
|
+
toClean.push(k = copyBytes$3(key));
|
|
5967
|
+
sigma = sigma32_32;
|
|
5968
5968
|
} else if (l === 16 && allowShortKeys) {
|
|
5969
5969
|
k = new Uint8Array(32);
|
|
5970
5970
|
k.set(key);
|
|
5971
5971
|
k.set(key, 16);
|
|
5972
|
-
sigma = sigma16_32
|
|
5972
|
+
sigma = sigma16_32;
|
|
5973
5973
|
toClean.push(k);
|
|
5974
5974
|
} else {
|
|
5975
|
-
abytes$
|
|
5975
|
+
abytes$4(key, 32, "arx key");
|
|
5976
5976
|
throw new Error("invalid key size");
|
|
5977
5977
|
}
|
|
5978
|
-
if (!isLE$
|
|
5979
|
-
let k32 = u32$
|
|
5978
|
+
if (!isLE$2 || !isAligned32(nonce)) toClean.push(nonce = copyBytes$3(nonce));
|
|
5979
|
+
let k32 = u32$2(k);
|
|
5980
5980
|
if (extendNonceFn) {
|
|
5981
5981
|
if (nonce.length !== 24) throw new Error(`arx: extended nonce must be 24 bytes`);
|
|
5982
5982
|
const n16 = nonce.subarray(0, 16);
|
|
5983
|
-
if (isLE$
|
|
5983
|
+
if (isLE$2) extendNonceFn(sigma, k32, u32$2(n16), k32);
|
|
5984
5984
|
else {
|
|
5985
5985
|
const sigmaRaw = swap32IfBE$2(Uint32Array.from(sigma));
|
|
5986
|
-
extendNonceFn(sigmaRaw, k32, u32$
|
|
5987
|
-
clean$
|
|
5986
|
+
extendNonceFn(sigmaRaw, k32, u32$2(n16), k32);
|
|
5987
|
+
clean$2(sigmaRaw);
|
|
5988
5988
|
swap32IfBE$2(k32);
|
|
5989
5989
|
}
|
|
5990
5990
|
nonce = nonce.subarray(16);
|
|
5991
|
-
} else if (!isLE$
|
|
5991
|
+
} else if (!isLE$2) swap32IfBE$2(k32);
|
|
5992
5992
|
const nonceNcLen = 16 - counterLength;
|
|
5993
5993
|
if (nonceNcLen !== nonce.length) throw new Error(`arx: nonce must be ${nonceNcLen} or 16 bytes`);
|
|
5994
5994
|
if (nonceNcLen !== 12) {
|
|
@@ -5997,12 +5997,12 @@ function createCipher$1(core, opts) {
|
|
|
5997
5997
|
nonce = nc;
|
|
5998
5998
|
toClean.push(nonce);
|
|
5999
5999
|
}
|
|
6000
|
-
const n32 = swap32IfBE$2(u32$
|
|
6000
|
+
const n32 = swap32IfBE$2(u32$2(nonce));
|
|
6001
6001
|
try {
|
|
6002
|
-
runCipher
|
|
6002
|
+
runCipher(core, sigma, k32, n32, data, output, counter, rounds);
|
|
6003
6003
|
return output;
|
|
6004
6004
|
} finally {
|
|
6005
|
-
clean$
|
|
6005
|
+
clean$2(...toClean);
|
|
6006
6006
|
}
|
|
6007
6007
|
};
|
|
6008
6008
|
}
|
|
@@ -6028,7 +6028,7 @@ function createCipher$1(core, opts) {
|
|
|
6028
6028
|
* Based on public-domain {@link https://github.com/floodyberry/poly1305-donna | poly1305-donna}.
|
|
6029
6029
|
* @module
|
|
6030
6030
|
*/
|
|
6031
|
-
function u8to16
|
|
6031
|
+
function u8to16(a, i) {
|
|
6032
6032
|
return a[i++] & 255 | (a[i++] & 255) << 8;
|
|
6033
6033
|
}
|
|
6034
6034
|
/**
|
|
@@ -6047,7 +6047,7 @@ function u8to16$1(a, i) {
|
|
|
6047
6047
|
* mac.digest();
|
|
6048
6048
|
* ```
|
|
6049
6049
|
*/
|
|
6050
|
-
var Poly1305
|
|
6050
|
+
var Poly1305 = class {
|
|
6051
6051
|
blockLen = 16;
|
|
6052
6052
|
outputLen = 16;
|
|
6053
6053
|
buffer = new Uint8Array(16);
|
|
@@ -6058,15 +6058,15 @@ var Poly1305$1 = class {
|
|
|
6058
6058
|
finished = false;
|
|
6059
6059
|
destroyed = false;
|
|
6060
6060
|
constructor(key) {
|
|
6061
|
-
key = copyBytes$
|
|
6062
|
-
const t0 = u8to16
|
|
6063
|
-
const t1 = u8to16
|
|
6064
|
-
const t2 = u8to16
|
|
6065
|
-
const t3 = u8to16
|
|
6066
|
-
const t4 = u8to16
|
|
6067
|
-
const t5 = u8to16
|
|
6068
|
-
const t6 = u8to16
|
|
6069
|
-
const t7 = u8to16
|
|
6061
|
+
key = copyBytes$3(abytes$4(key, 32, "key"));
|
|
6062
|
+
const t0 = u8to16(key, 0);
|
|
6063
|
+
const t1 = u8to16(key, 2);
|
|
6064
|
+
const t2 = u8to16(key, 4);
|
|
6065
|
+
const t3 = u8to16(key, 6);
|
|
6066
|
+
const t4 = u8to16(key, 8);
|
|
6067
|
+
const t5 = u8to16(key, 10);
|
|
6068
|
+
const t6 = u8to16(key, 12);
|
|
6069
|
+
const t7 = u8to16(key, 14);
|
|
6070
6070
|
this.r[0] = t0 & 8191;
|
|
6071
6071
|
this.r[1] = (t0 >>> 13 | t1 << 3) & 8191;
|
|
6072
6072
|
this.r[2] = (t1 >>> 10 | t2 << 6) & 7939;
|
|
@@ -6077,7 +6077,7 @@ var Poly1305$1 = class {
|
|
|
6077
6077
|
this.r[7] = (t5 >>> 11 | t6 << 5) & 8065;
|
|
6078
6078
|
this.r[8] = (t6 >>> 8 | t7 << 8) & 8191;
|
|
6079
6079
|
this.r[9] = t7 >>> 5 & 127;
|
|
6080
|
-
for (let i = 0; i < 8; i++) this.pad[i] = u8to16
|
|
6080
|
+
for (let i = 0; i < 8; i++) this.pad[i] = u8to16(key, 16 + 2 * i);
|
|
6081
6081
|
}
|
|
6082
6082
|
process(data, offset, isLast = false) {
|
|
6083
6083
|
const hibit = isLast ? 0 : 2048;
|
|
@@ -6092,14 +6092,14 @@ var Poly1305$1 = class {
|
|
|
6092
6092
|
const r7 = r[7];
|
|
6093
6093
|
const r8 = r[8];
|
|
6094
6094
|
const r9 = r[9];
|
|
6095
|
-
const t0 = u8to16
|
|
6096
|
-
const t1 = u8to16
|
|
6097
|
-
const t2 = u8to16
|
|
6098
|
-
const t3 = u8to16
|
|
6099
|
-
const t4 = u8to16
|
|
6100
|
-
const t5 = u8to16
|
|
6101
|
-
const t6 = u8to16
|
|
6102
|
-
const t7 = u8to16
|
|
6095
|
+
const t0 = u8to16(data, offset + 0);
|
|
6096
|
+
const t1 = u8to16(data, offset + 2);
|
|
6097
|
+
const t2 = u8to16(data, offset + 4);
|
|
6098
|
+
const t3 = u8to16(data, offset + 6);
|
|
6099
|
+
const t4 = u8to16(data, offset + 8);
|
|
6100
|
+
const t5 = u8to16(data, offset + 10);
|
|
6101
|
+
const t6 = u8to16(data, offset + 12);
|
|
6102
|
+
const t7 = u8to16(data, offset + 14);
|
|
6103
6103
|
let h0 = h[0] + (t0 & 8191);
|
|
6104
6104
|
let h1 = h[1] + ((t0 >>> 13 | t1 << 3) & 8191);
|
|
6105
6105
|
let h2 = h[2] + ((t1 >>> 10 | t2 << 6) & 8191);
|
|
@@ -6231,12 +6231,12 @@ var Poly1305$1 = class {
|
|
|
6231
6231
|
f = (h[i] + pad[i] | 0) + (f >>> 16) | 0;
|
|
6232
6232
|
h[i] = f & 65535;
|
|
6233
6233
|
}
|
|
6234
|
-
clean$
|
|
6234
|
+
clean$2(g);
|
|
6235
6235
|
}
|
|
6236
6236
|
update(data) {
|
|
6237
|
-
aexists$
|
|
6238
|
-
abytes$
|
|
6239
|
-
data = copyBytes$
|
|
6237
|
+
aexists$2(this);
|
|
6238
|
+
abytes$4(data);
|
|
6239
|
+
data = copyBytes$3(data);
|
|
6240
6240
|
const { buffer, blockLen } = this;
|
|
6241
6241
|
const len = data.length;
|
|
6242
6242
|
for (let pos = 0; pos < len;) {
|
|
@@ -6257,11 +6257,11 @@ var Poly1305$1 = class {
|
|
|
6257
6257
|
}
|
|
6258
6258
|
destroy() {
|
|
6259
6259
|
this.destroyed = true;
|
|
6260
|
-
clean$
|
|
6260
|
+
clean$2(this.h, this.r, this.buffer, this.pad);
|
|
6261
6261
|
}
|
|
6262
6262
|
digestInto(out) {
|
|
6263
|
-
aexists$
|
|
6264
|
-
aoutput$
|
|
6263
|
+
aexists$2(this);
|
|
6264
|
+
aoutput$2(out, this);
|
|
6265
6265
|
this.finished = true;
|
|
6266
6266
|
const { buffer, h } = this;
|
|
6267
6267
|
let { pos } = this;
|
|
@@ -6300,7 +6300,7 @@ var Poly1305$1 = class {
|
|
|
6300
6300
|
* poly1305(new Uint8Array(), key);
|
|
6301
6301
|
* ```
|
|
6302
6302
|
*/
|
|
6303
|
-
const poly1305
|
|
6303
|
+
const poly1305 = /* @__PURE__ */ wrapMacConstructor(32, (key) => new Poly1305(key));
|
|
6304
6304
|
|
|
6305
6305
|
//#endregion
|
|
6306
6306
|
//#region ../../node_modules/.bun/@noble+ciphers@2.2.0/node_modules/@noble/ciphers/chacha.js
|
|
@@ -6323,74 +6323,74 @@ const poly1305$1 = /* @__PURE__ */ wrapMacConstructor(32, (key) => new Poly1305$
|
|
|
6323
6323
|
* @module
|
|
6324
6324
|
*/
|
|
6325
6325
|
/** RFC 8439 §2.3 block core for `state = constants | key | counter | nonce`. */
|
|
6326
|
-
function chachaCore
|
|
6326
|
+
function chachaCore(s, k, n, out, cnt, rounds = 20) {
|
|
6327
6327
|
let y00 = s[0], y01 = s[1], y02 = s[2], y03 = s[3], y04 = k[0], y05 = k[1], y06 = k[2], y07 = k[3], y08 = k[4], y09 = k[5], y10 = k[6], y11 = k[7], y12 = cnt, y13 = n[0], y14 = n[1], y15 = n[2];
|
|
6328
6328
|
let x00 = y00, x01 = y01, x02 = y02, x03 = y03, x04 = y04, x05 = y05, x06 = y06, x07 = y07, x08 = y08, x09 = y09, x10 = y10, x11 = y11, x12 = y12, x13 = y13, x14 = y14, x15 = y15;
|
|
6329
6329
|
for (let r = 0; r < rounds; r += 2) {
|
|
6330
6330
|
x00 = x00 + x04 | 0;
|
|
6331
|
-
x12 = rotl$
|
|
6331
|
+
x12 = rotl$1(x12 ^ x00, 16);
|
|
6332
6332
|
x08 = x08 + x12 | 0;
|
|
6333
|
-
x04 = rotl$
|
|
6333
|
+
x04 = rotl$1(x04 ^ x08, 12);
|
|
6334
6334
|
x00 = x00 + x04 | 0;
|
|
6335
|
-
x12 = rotl$
|
|
6335
|
+
x12 = rotl$1(x12 ^ x00, 8);
|
|
6336
6336
|
x08 = x08 + x12 | 0;
|
|
6337
|
-
x04 = rotl$
|
|
6337
|
+
x04 = rotl$1(x04 ^ x08, 7);
|
|
6338
6338
|
x01 = x01 + x05 | 0;
|
|
6339
|
-
x13 = rotl$
|
|
6339
|
+
x13 = rotl$1(x13 ^ x01, 16);
|
|
6340
6340
|
x09 = x09 + x13 | 0;
|
|
6341
|
-
x05 = rotl$
|
|
6341
|
+
x05 = rotl$1(x05 ^ x09, 12);
|
|
6342
6342
|
x01 = x01 + x05 | 0;
|
|
6343
|
-
x13 = rotl$
|
|
6343
|
+
x13 = rotl$1(x13 ^ x01, 8);
|
|
6344
6344
|
x09 = x09 + x13 | 0;
|
|
6345
|
-
x05 = rotl$
|
|
6345
|
+
x05 = rotl$1(x05 ^ x09, 7);
|
|
6346
6346
|
x02 = x02 + x06 | 0;
|
|
6347
|
-
x14 = rotl$
|
|
6347
|
+
x14 = rotl$1(x14 ^ x02, 16);
|
|
6348
6348
|
x10 = x10 + x14 | 0;
|
|
6349
|
-
x06 = rotl$
|
|
6349
|
+
x06 = rotl$1(x06 ^ x10, 12);
|
|
6350
6350
|
x02 = x02 + x06 | 0;
|
|
6351
|
-
x14 = rotl$
|
|
6351
|
+
x14 = rotl$1(x14 ^ x02, 8);
|
|
6352
6352
|
x10 = x10 + x14 | 0;
|
|
6353
|
-
x06 = rotl$
|
|
6353
|
+
x06 = rotl$1(x06 ^ x10, 7);
|
|
6354
6354
|
x03 = x03 + x07 | 0;
|
|
6355
|
-
x15 = rotl$
|
|
6355
|
+
x15 = rotl$1(x15 ^ x03, 16);
|
|
6356
6356
|
x11 = x11 + x15 | 0;
|
|
6357
|
-
x07 = rotl$
|
|
6357
|
+
x07 = rotl$1(x07 ^ x11, 12);
|
|
6358
6358
|
x03 = x03 + x07 | 0;
|
|
6359
|
-
x15 = rotl$
|
|
6359
|
+
x15 = rotl$1(x15 ^ x03, 8);
|
|
6360
6360
|
x11 = x11 + x15 | 0;
|
|
6361
|
-
x07 = rotl$
|
|
6361
|
+
x07 = rotl$1(x07 ^ x11, 7);
|
|
6362
6362
|
x00 = x00 + x05 | 0;
|
|
6363
|
-
x15 = rotl$
|
|
6363
|
+
x15 = rotl$1(x15 ^ x00, 16);
|
|
6364
6364
|
x10 = x10 + x15 | 0;
|
|
6365
|
-
x05 = rotl$
|
|
6365
|
+
x05 = rotl$1(x05 ^ x10, 12);
|
|
6366
6366
|
x00 = x00 + x05 | 0;
|
|
6367
|
-
x15 = rotl$
|
|
6367
|
+
x15 = rotl$1(x15 ^ x00, 8);
|
|
6368
6368
|
x10 = x10 + x15 | 0;
|
|
6369
|
-
x05 = rotl$
|
|
6369
|
+
x05 = rotl$1(x05 ^ x10, 7);
|
|
6370
6370
|
x01 = x01 + x06 | 0;
|
|
6371
|
-
x12 = rotl$
|
|
6371
|
+
x12 = rotl$1(x12 ^ x01, 16);
|
|
6372
6372
|
x11 = x11 + x12 | 0;
|
|
6373
|
-
x06 = rotl$
|
|
6373
|
+
x06 = rotl$1(x06 ^ x11, 12);
|
|
6374
6374
|
x01 = x01 + x06 | 0;
|
|
6375
|
-
x12 = rotl$
|
|
6375
|
+
x12 = rotl$1(x12 ^ x01, 8);
|
|
6376
6376
|
x11 = x11 + x12 | 0;
|
|
6377
|
-
x06 = rotl$
|
|
6377
|
+
x06 = rotl$1(x06 ^ x11, 7);
|
|
6378
6378
|
x02 = x02 + x07 | 0;
|
|
6379
|
-
x13 = rotl$
|
|
6379
|
+
x13 = rotl$1(x13 ^ x02, 16);
|
|
6380
6380
|
x08 = x08 + x13 | 0;
|
|
6381
|
-
x07 = rotl$
|
|
6381
|
+
x07 = rotl$1(x07 ^ x08, 12);
|
|
6382
6382
|
x02 = x02 + x07 | 0;
|
|
6383
|
-
x13 = rotl$
|
|
6383
|
+
x13 = rotl$1(x13 ^ x02, 8);
|
|
6384
6384
|
x08 = x08 + x13 | 0;
|
|
6385
|
-
x07 = rotl$
|
|
6385
|
+
x07 = rotl$1(x07 ^ x08, 7);
|
|
6386
6386
|
x03 = x03 + x04 | 0;
|
|
6387
|
-
x14 = rotl$
|
|
6387
|
+
x14 = rotl$1(x14 ^ x03, 16);
|
|
6388
6388
|
x09 = x09 + x14 | 0;
|
|
6389
|
-
x04 = rotl$
|
|
6389
|
+
x04 = rotl$1(x04 ^ x09, 12);
|
|
6390
6390
|
x03 = x03 + x04 | 0;
|
|
6391
|
-
x14 = rotl$
|
|
6391
|
+
x14 = rotl$1(x14 ^ x03, 8);
|
|
6392
6392
|
x09 = x09 + x14 | 0;
|
|
6393
|
-
x04 = rotl$
|
|
6393
|
+
x04 = rotl$1(x04 ^ x09, 7);
|
|
6394
6394
|
}
|
|
6395
6395
|
let oi = 0;
|
|
6396
6396
|
out[oi++] = y00 + x00 | 0;
|
|
@@ -6430,73 +6430,73 @@ function chachaCore$1(s, k, n, out, cnt, rounds = 20) {
|
|
|
6430
6430
|
* hchacha(sigma, key, nonce, out);
|
|
6431
6431
|
* ```
|
|
6432
6432
|
*/
|
|
6433
|
-
function hchacha
|
|
6433
|
+
function hchacha(s, k, i, out) {
|
|
6434
6434
|
let x00 = swap8IfBE$1(s[0]), x01 = swap8IfBE$1(s[1]), x02 = swap8IfBE$1(s[2]), x03 = swap8IfBE$1(s[3]), x04 = swap8IfBE$1(k[0]), x05 = swap8IfBE$1(k[1]), x06 = swap8IfBE$1(k[2]), x07 = swap8IfBE$1(k[3]), x08 = swap8IfBE$1(k[4]), x09 = swap8IfBE$1(k[5]), x10 = swap8IfBE$1(k[6]), x11 = swap8IfBE$1(k[7]), x12 = swap8IfBE$1(i[0]), x13 = swap8IfBE$1(i[1]), x14 = swap8IfBE$1(i[2]), x15 = swap8IfBE$1(i[3]);
|
|
6435
6435
|
for (let r = 0; r < 20; r += 2) {
|
|
6436
6436
|
x00 = x00 + x04 | 0;
|
|
6437
|
-
x12 = rotl$
|
|
6437
|
+
x12 = rotl$1(x12 ^ x00, 16);
|
|
6438
6438
|
x08 = x08 + x12 | 0;
|
|
6439
|
-
x04 = rotl$
|
|
6439
|
+
x04 = rotl$1(x04 ^ x08, 12);
|
|
6440
6440
|
x00 = x00 + x04 | 0;
|
|
6441
|
-
x12 = rotl$
|
|
6441
|
+
x12 = rotl$1(x12 ^ x00, 8);
|
|
6442
6442
|
x08 = x08 + x12 | 0;
|
|
6443
|
-
x04 = rotl$
|
|
6443
|
+
x04 = rotl$1(x04 ^ x08, 7);
|
|
6444
6444
|
x01 = x01 + x05 | 0;
|
|
6445
|
-
x13 = rotl$
|
|
6445
|
+
x13 = rotl$1(x13 ^ x01, 16);
|
|
6446
6446
|
x09 = x09 + x13 | 0;
|
|
6447
|
-
x05 = rotl$
|
|
6447
|
+
x05 = rotl$1(x05 ^ x09, 12);
|
|
6448
6448
|
x01 = x01 + x05 | 0;
|
|
6449
|
-
x13 = rotl$
|
|
6449
|
+
x13 = rotl$1(x13 ^ x01, 8);
|
|
6450
6450
|
x09 = x09 + x13 | 0;
|
|
6451
|
-
x05 = rotl$
|
|
6451
|
+
x05 = rotl$1(x05 ^ x09, 7);
|
|
6452
6452
|
x02 = x02 + x06 | 0;
|
|
6453
|
-
x14 = rotl$
|
|
6453
|
+
x14 = rotl$1(x14 ^ x02, 16);
|
|
6454
6454
|
x10 = x10 + x14 | 0;
|
|
6455
|
-
x06 = rotl$
|
|
6455
|
+
x06 = rotl$1(x06 ^ x10, 12);
|
|
6456
6456
|
x02 = x02 + x06 | 0;
|
|
6457
|
-
x14 = rotl$
|
|
6457
|
+
x14 = rotl$1(x14 ^ x02, 8);
|
|
6458
6458
|
x10 = x10 + x14 | 0;
|
|
6459
|
-
x06 = rotl$
|
|
6459
|
+
x06 = rotl$1(x06 ^ x10, 7);
|
|
6460
6460
|
x03 = x03 + x07 | 0;
|
|
6461
|
-
x15 = rotl$
|
|
6461
|
+
x15 = rotl$1(x15 ^ x03, 16);
|
|
6462
6462
|
x11 = x11 + x15 | 0;
|
|
6463
|
-
x07 = rotl$
|
|
6463
|
+
x07 = rotl$1(x07 ^ x11, 12);
|
|
6464
6464
|
x03 = x03 + x07 | 0;
|
|
6465
|
-
x15 = rotl$
|
|
6465
|
+
x15 = rotl$1(x15 ^ x03, 8);
|
|
6466
6466
|
x11 = x11 + x15 | 0;
|
|
6467
|
-
x07 = rotl$
|
|
6467
|
+
x07 = rotl$1(x07 ^ x11, 7);
|
|
6468
6468
|
x00 = x00 + x05 | 0;
|
|
6469
|
-
x15 = rotl$
|
|
6469
|
+
x15 = rotl$1(x15 ^ x00, 16);
|
|
6470
6470
|
x10 = x10 + x15 | 0;
|
|
6471
|
-
x05 = rotl$
|
|
6471
|
+
x05 = rotl$1(x05 ^ x10, 12);
|
|
6472
6472
|
x00 = x00 + x05 | 0;
|
|
6473
|
-
x15 = rotl$
|
|
6473
|
+
x15 = rotl$1(x15 ^ x00, 8);
|
|
6474
6474
|
x10 = x10 + x15 | 0;
|
|
6475
|
-
x05 = rotl$
|
|
6475
|
+
x05 = rotl$1(x05 ^ x10, 7);
|
|
6476
6476
|
x01 = x01 + x06 | 0;
|
|
6477
|
-
x12 = rotl$
|
|
6477
|
+
x12 = rotl$1(x12 ^ x01, 16);
|
|
6478
6478
|
x11 = x11 + x12 | 0;
|
|
6479
|
-
x06 = rotl$
|
|
6479
|
+
x06 = rotl$1(x06 ^ x11, 12);
|
|
6480
6480
|
x01 = x01 + x06 | 0;
|
|
6481
|
-
x12 = rotl$
|
|
6481
|
+
x12 = rotl$1(x12 ^ x01, 8);
|
|
6482
6482
|
x11 = x11 + x12 | 0;
|
|
6483
|
-
x06 = rotl$
|
|
6483
|
+
x06 = rotl$1(x06 ^ x11, 7);
|
|
6484
6484
|
x02 = x02 + x07 | 0;
|
|
6485
|
-
x13 = rotl$
|
|
6485
|
+
x13 = rotl$1(x13 ^ x02, 16);
|
|
6486
6486
|
x08 = x08 + x13 | 0;
|
|
6487
|
-
x07 = rotl$
|
|
6487
|
+
x07 = rotl$1(x07 ^ x08, 12);
|
|
6488
6488
|
x02 = x02 + x07 | 0;
|
|
6489
|
-
x13 = rotl$
|
|
6489
|
+
x13 = rotl$1(x13 ^ x02, 8);
|
|
6490
6490
|
x08 = x08 + x13 | 0;
|
|
6491
|
-
x07 = rotl$
|
|
6491
|
+
x07 = rotl$1(x07 ^ x08, 7);
|
|
6492
6492
|
x03 = x03 + x04 | 0;
|
|
6493
|
-
x14 = rotl$
|
|
6493
|
+
x14 = rotl$1(x14 ^ x03, 16);
|
|
6494
6494
|
x09 = x09 + x14 | 0;
|
|
6495
|
-
x04 = rotl$
|
|
6495
|
+
x04 = rotl$1(x04 ^ x09, 12);
|
|
6496
6496
|
x03 = x03 + x04 | 0;
|
|
6497
|
-
x14 = rotl$
|
|
6497
|
+
x14 = rotl$1(x14 ^ x03, 8);
|
|
6498
6498
|
x09 = x09 + x14 | 0;
|
|
6499
|
-
x04 = rotl$
|
|
6499
|
+
x04 = rotl$1(x04 ^ x09, 7);
|
|
6500
6500
|
}
|
|
6501
6501
|
let oi = 0;
|
|
6502
6502
|
out[oi++] = x00;
|
|
@@ -6510,6 +6510,31 @@ function hchacha$1(s, k, i, out) {
|
|
|
6510
6510
|
swap32IfBE$2(out);
|
|
6511
6511
|
}
|
|
6512
6512
|
/**
|
|
6513
|
+
* ChaCha stream cipher. Conforms to RFC 8439 (IETF, TLS). 12-byte nonce, 4-byte counter.
|
|
6514
|
+
* With smaller nonce, it's not safe to make it random (CSPRNG), due to collision chance.
|
|
6515
|
+
* @param key - 32-byte key.
|
|
6516
|
+
* @param nonce - 12-byte nonce.
|
|
6517
|
+
* @param data - Input bytes to xor with the keystream.
|
|
6518
|
+
* @param output - Optional destination buffer.
|
|
6519
|
+
* @param counter - Initial block counter.
|
|
6520
|
+
* @returns Encrypted or decrypted bytes.
|
|
6521
|
+
* @example
|
|
6522
|
+
* Encrypts bytes with the RFC 8439 ChaCha20 stream cipher and a fresh key/nonce.
|
|
6523
|
+
*
|
|
6524
|
+
* ```ts
|
|
6525
|
+
* import { chacha20 } from '@noble/ciphers/chacha.js';
|
|
6526
|
+
* import { randomBytes } from '@noble/ciphers/utils.js';
|
|
6527
|
+
* const key = randomBytes(32);
|
|
6528
|
+
* const nonce = randomBytes(12);
|
|
6529
|
+
* chacha20(key, nonce, new Uint8Array(4));
|
|
6530
|
+
* ```
|
|
6531
|
+
*/
|
|
6532
|
+
const chacha20 = /* @__PURE__ */ createCipher(chachaCore, {
|
|
6533
|
+
counterRight: false,
|
|
6534
|
+
counterLength: 4,
|
|
6535
|
+
allowShortKeys: false
|
|
6536
|
+
});
|
|
6537
|
+
/**
|
|
6513
6538
|
* XChaCha eXtended-nonce ChaCha. With 24-byte nonce, it's safe to make it random (CSPRNG).
|
|
6514
6539
|
* See {@link https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha | the IRTF draft}.
|
|
6515
6540
|
* The nonce/counter layout still reserves 8 counter bytes internally, but the shared public
|
|
@@ -6532,29 +6557,29 @@ function hchacha$1(s, k, i, out) {
|
|
|
6532
6557
|
* xchacha20(key, nonce, new Uint8Array(4));
|
|
6533
6558
|
* ```
|
|
6534
6559
|
*/
|
|
6535
|
-
const xchacha20
|
|
6560
|
+
const xchacha20 = /* @__PURE__ */ createCipher(chachaCore, {
|
|
6536
6561
|
counterRight: false,
|
|
6537
6562
|
counterLength: 8,
|
|
6538
|
-
extendNonceFn: hchacha
|
|
6563
|
+
extendNonceFn: hchacha,
|
|
6539
6564
|
allowShortKeys: false
|
|
6540
6565
|
});
|
|
6541
|
-
const ZEROS16
|
|
6542
|
-
const updatePadded
|
|
6566
|
+
const ZEROS16 = /* @__PURE__ */ new Uint8Array(16);
|
|
6567
|
+
const updatePadded = (h, msg) => {
|
|
6543
6568
|
h.update(msg);
|
|
6544
6569
|
const leftover = msg.length % 16;
|
|
6545
|
-
if (leftover) h.update(ZEROS16
|
|
6546
|
-
};
|
|
6547
|
-
const ZEROS32
|
|
6548
|
-
function computeTag
|
|
6549
|
-
if (AAD !== void 0) abytes$
|
|
6550
|
-
const authKey = fn(key, nonce, ZEROS32
|
|
6551
|
-
const lengths = u64Lengths
|
|
6552
|
-
const h = poly1305
|
|
6553
|
-
if (AAD) updatePadded
|
|
6554
|
-
updatePadded
|
|
6570
|
+
if (leftover) h.update(ZEROS16.subarray(leftover));
|
|
6571
|
+
};
|
|
6572
|
+
const ZEROS32 = /* @__PURE__ */ new Uint8Array(32);
|
|
6573
|
+
function computeTag(fn, key, nonce, ciphertext, AAD) {
|
|
6574
|
+
if (AAD !== void 0) abytes$4(AAD, void 0, "AAD");
|
|
6575
|
+
const authKey = fn(key, nonce, ZEROS32);
|
|
6576
|
+
const lengths = u64Lengths(ciphertext.length, AAD ? AAD.length : 0, true);
|
|
6577
|
+
const h = poly1305.create(authKey);
|
|
6578
|
+
if (AAD) updatePadded(h, AAD);
|
|
6579
|
+
updatePadded(h, ciphertext);
|
|
6555
6580
|
h.update(lengths);
|
|
6556
6581
|
const res = h.digest();
|
|
6557
|
-
clean$
|
|
6582
|
+
clean$2(authKey, lengths);
|
|
6558
6583
|
return res;
|
|
6559
6584
|
}
|
|
6560
6585
|
/**
|
|
@@ -6564,37 +6589,63 @@ function computeTag$1(fn, key, nonce, ciphertext, AAD) {
|
|
|
6564
6589
|
* In salsa20, authKey changes position in salsa stream.
|
|
6565
6590
|
* In chacha, authKey can't be computed inside computeTag, it modifies the counter.
|
|
6566
6591
|
*/
|
|
6567
|
-
const _poly1305_aead
|
|
6592
|
+
const _poly1305_aead = (xorStream) => (key, nonce, AAD) => {
|
|
6568
6593
|
const tagLength = 16;
|
|
6569
6594
|
return {
|
|
6570
6595
|
encrypt(plaintext, output) {
|
|
6571
6596
|
const plength = plaintext.length;
|
|
6572
|
-
output = getOutput
|
|
6597
|
+
output = getOutput(plength + tagLength, output, false);
|
|
6573
6598
|
output.set(plaintext);
|
|
6574
6599
|
const oPlain = output.subarray(0, -16);
|
|
6575
6600
|
xorStream(key, nonce, oPlain, oPlain, 1);
|
|
6576
|
-
const tag = computeTag
|
|
6601
|
+
const tag = computeTag(xorStream, key, nonce, oPlain, AAD);
|
|
6577
6602
|
output.set(tag, plength);
|
|
6578
|
-
clean$
|
|
6603
|
+
clean$2(tag);
|
|
6579
6604
|
return output;
|
|
6580
6605
|
},
|
|
6581
6606
|
decrypt(ciphertext, output) {
|
|
6582
|
-
output = getOutput
|
|
6607
|
+
output = getOutput(ciphertext.length - tagLength, output, false);
|
|
6583
6608
|
const data = ciphertext.subarray(0, -16);
|
|
6584
6609
|
const passedTag = ciphertext.subarray(-16);
|
|
6585
|
-
const tag = computeTag
|
|
6586
|
-
if (!equalBytes$
|
|
6587
|
-
clean$
|
|
6610
|
+
const tag = computeTag(xorStream, key, nonce, data, AAD);
|
|
6611
|
+
if (!equalBytes$2(passedTag, tag)) {
|
|
6612
|
+
clean$2(tag);
|
|
6588
6613
|
throw new Error("invalid tag");
|
|
6589
6614
|
}
|
|
6590
6615
|
output.set(ciphertext.subarray(0, -16));
|
|
6591
6616
|
xorStream(key, nonce, output, output, 1);
|
|
6592
|
-
clean$
|
|
6617
|
+
clean$2(tag);
|
|
6593
6618
|
return output;
|
|
6594
6619
|
}
|
|
6595
6620
|
};
|
|
6596
6621
|
};
|
|
6597
6622
|
/**
|
|
6623
|
+
* ChaCha20-Poly1305 from RFC 8439.
|
|
6624
|
+
*
|
|
6625
|
+
* Unsafe to use random nonces under the same key, due to collision chance.
|
|
6626
|
+
* Prefer XChaCha instead.
|
|
6627
|
+
* @param key - 32-byte key.
|
|
6628
|
+
* @param nonce - 12-byte nonce.
|
|
6629
|
+
* @param AAD - Additional authenticated data.
|
|
6630
|
+
* @returns AEAD cipher instance.
|
|
6631
|
+
* @example
|
|
6632
|
+
* Encrypts and authenticates plaintext with a fresh key and nonce.
|
|
6633
|
+
*
|
|
6634
|
+
* ```ts
|
|
6635
|
+
* import { chacha20poly1305 } from '@noble/ciphers/chacha.js';
|
|
6636
|
+
* import { randomBytes } from '@noble/ciphers/utils.js';
|
|
6637
|
+
* const key = randomBytes(32);
|
|
6638
|
+
* const nonce = randomBytes(12);
|
|
6639
|
+
* const cipher = chacha20poly1305(key, nonce);
|
|
6640
|
+
* cipher.encrypt(new Uint8Array([1, 2, 3]));
|
|
6641
|
+
* ```
|
|
6642
|
+
*/
|
|
6643
|
+
const chacha20poly1305 = /* @__PURE__ */ wrapCipher({
|
|
6644
|
+
blockSize: 64,
|
|
6645
|
+
nonceLength: 12,
|
|
6646
|
+
tagLength: 16
|
|
6647
|
+
}, /* @__PURE__ */ _poly1305_aead(chacha20));
|
|
6648
|
+
/**
|
|
6598
6649
|
* XChaCha20-Poly1305 extended-nonce chacha.
|
|
6599
6650
|
*
|
|
6600
6651
|
* Can be safely used with random nonces (CSPRNG).
|
|
@@ -6615,11 +6666,11 @@ const _poly1305_aead$1 = (xorStream) => (key, nonce, AAD) => {
|
|
|
6615
6666
|
* cipher.encrypt(new Uint8Array([1, 2, 3]));
|
|
6616
6667
|
* ```
|
|
6617
6668
|
*/
|
|
6618
|
-
const xchacha20poly1305
|
|
6669
|
+
const xchacha20poly1305 = /* @__PURE__ */ wrapCipher({
|
|
6619
6670
|
blockSize: 64,
|
|
6620
6671
|
nonceLength: 24,
|
|
6621
6672
|
tagLength: 16
|
|
6622
|
-
}, /* @__PURE__ */ _poly1305_aead
|
|
6673
|
+
}, /* @__PURE__ */ _poly1305_aead(xchacha20));
|
|
6623
6674
|
|
|
6624
6675
|
//#endregion
|
|
6625
6676
|
//#region ../../node_modules/.bun/@noble+hashes@2.2.0/node_modules/@noble/hashes/utils.js
|
|
@@ -6633,7 +6684,7 @@ const xchacha20poly1305$1 = /* @__PURE__ */ wrapCipher$1({
|
|
|
6633
6684
|
* isBytes(new Uint8Array([1, 2, 3]));
|
|
6634
6685
|
* ```
|
|
6635
6686
|
*/
|
|
6636
|
-
function isBytes$
|
|
6687
|
+
function isBytes$3(a) {
|
|
6637
6688
|
return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array" && "BYTES_PER_ELEMENT" in a && a.BYTES_PER_ELEMENT === 1;
|
|
6638
6689
|
}
|
|
6639
6690
|
/**
|
|
@@ -6648,7 +6699,7 @@ function isBytes$4(a) {
|
|
|
6648
6699
|
* anumber(32, 'length');
|
|
6649
6700
|
* ```
|
|
6650
6701
|
*/
|
|
6651
|
-
function anumber$
|
|
6702
|
+
function anumber$3(n, title = "") {
|
|
6652
6703
|
if (typeof n !== "number") {
|
|
6653
6704
|
const prefix = title && `"${title}" `;
|
|
6654
6705
|
throw new TypeError(`${prefix}expected number, got ${typeof n}`);
|
|
@@ -6672,8 +6723,8 @@ function anumber$4(n, title = "") {
|
|
|
6672
6723
|
* abytes(new Uint8Array([1, 2, 3]));
|
|
6673
6724
|
* ```
|
|
6674
6725
|
*/
|
|
6675
|
-
function abytes$
|
|
6676
|
-
const bytes = isBytes$
|
|
6726
|
+
function abytes$3(value, length, title = "") {
|
|
6727
|
+
const bytes = isBytes$3(value);
|
|
6677
6728
|
const len = value?.length;
|
|
6678
6729
|
const needsLen = length !== void 0;
|
|
6679
6730
|
if (!bytes || needsLen && len !== length) {
|
|
@@ -6702,8 +6753,8 @@ function abytes$4(value, length, title = "") {
|
|
|
6702
6753
|
*/
|
|
6703
6754
|
function ahash$1(h) {
|
|
6704
6755
|
if (typeof h !== "function" || typeof h.create !== "function") throw new TypeError("Hash must wrapped by utils.createHasher");
|
|
6705
|
-
anumber$
|
|
6706
|
-
anumber$
|
|
6756
|
+
anumber$3(h.outputLen);
|
|
6757
|
+
anumber$3(h.blockLen);
|
|
6707
6758
|
if (h.outputLen < 1) throw new Error("\"outputLen\" must be >= 1");
|
|
6708
6759
|
if (h.blockLen < 1) throw new Error("\"blockLen\" must be >= 1");
|
|
6709
6760
|
}
|
|
@@ -6721,7 +6772,7 @@ function ahash$1(h) {
|
|
|
6721
6772
|
* aexists(hash);
|
|
6722
6773
|
* ```
|
|
6723
6774
|
*/
|
|
6724
|
-
function aexists$
|
|
6775
|
+
function aexists$1(instance, checkFinished = true) {
|
|
6725
6776
|
if (instance.destroyed) throw new Error("Hash instance has been destroyed");
|
|
6726
6777
|
if (checkFinished && instance.finished) throw new Error("Hash#digest() has already been called");
|
|
6727
6778
|
}
|
|
@@ -6741,8 +6792,8 @@ function aexists$2(instance, checkFinished = true) {
|
|
|
6741
6792
|
* aoutput(new Uint8Array(hash.outputLen), hash);
|
|
6742
6793
|
* ```
|
|
6743
6794
|
*/
|
|
6744
|
-
function aoutput$
|
|
6745
|
-
abytes$
|
|
6795
|
+
function aoutput$1(out, instance) {
|
|
6796
|
+
abytes$3(out, void 0, "digestInto() output");
|
|
6746
6797
|
const min = instance.outputLen;
|
|
6747
6798
|
if (out.length < min) throw new RangeError("\"digestInto() output\" expected to be of length >=" + min);
|
|
6748
6799
|
}
|
|
@@ -6771,7 +6822,7 @@ function u8(arr) {
|
|
|
6771
6822
|
* u32(new Uint8Array(8));
|
|
6772
6823
|
* ```
|
|
6773
6824
|
*/
|
|
6774
|
-
function u32$
|
|
6825
|
+
function u32$1(arr) {
|
|
6775
6826
|
return new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));
|
|
6776
6827
|
}
|
|
6777
6828
|
/**
|
|
@@ -6783,7 +6834,7 @@ function u32$2(arr) {
|
|
|
6783
6834
|
* clean(new Uint8Array([1, 2, 3]));
|
|
6784
6835
|
* ```
|
|
6785
6836
|
*/
|
|
6786
|
-
function clean$
|
|
6837
|
+
function clean$1(...arrays) {
|
|
6787
6838
|
for (let i = 0; i < arrays.length; i++) arrays[i].fill(0);
|
|
6788
6839
|
}
|
|
6789
6840
|
/**
|
|
@@ -6796,7 +6847,7 @@ function clean$2(...arrays) {
|
|
|
6796
6847
|
* createView(new Uint8Array(4));
|
|
6797
6848
|
* ```
|
|
6798
6849
|
*/
|
|
6799
|
-
function createView$
|
|
6850
|
+
function createView$1(arr) {
|
|
6800
6851
|
return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
|
|
6801
6852
|
}
|
|
6802
6853
|
/**
|
|
@@ -6824,11 +6875,11 @@ function rotr$1(word, shift) {
|
|
|
6824
6875
|
* rotl(0x12345678, 8);
|
|
6825
6876
|
* ```
|
|
6826
6877
|
*/
|
|
6827
|
-
function rotl
|
|
6878
|
+
function rotl(word, shift) {
|
|
6828
6879
|
return word << shift | word >>> 32 - shift >>> 0;
|
|
6829
6880
|
}
|
|
6830
6881
|
/** Whether the current platform is little-endian. */
|
|
6831
|
-
const isLE$
|
|
6882
|
+
const isLE$1 = /* @__PURE__ */ (() => new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68)();
|
|
6832
6883
|
/**
|
|
6833
6884
|
* Byte-swap operation for uint32 values.
|
|
6834
6885
|
* @param word - source word
|
|
@@ -6852,7 +6903,7 @@ function byteSwap$1(word) {
|
|
|
6852
6903
|
* swap8IfBE(0x11223344);
|
|
6853
6904
|
* ```
|
|
6854
6905
|
*/
|
|
6855
|
-
const swap8IfBE = isLE$
|
|
6906
|
+
const swap8IfBE = isLE$1 ? (n) => n : (n) => byteSwap$1(n) >>> 0;
|
|
6856
6907
|
/**
|
|
6857
6908
|
* Byte-swaps every word of a Uint32Array in place.
|
|
6858
6909
|
* @param arr - array to mutate
|
|
@@ -6878,7 +6929,7 @@ function byteSwap32$1(arr) {
|
|
|
6878
6929
|
* swap32IfBE(new Uint32Array([0x11223344]));
|
|
6879
6930
|
* ```
|
|
6880
6931
|
*/
|
|
6881
|
-
const swap32IfBE$1 = isLE$
|
|
6932
|
+
const swap32IfBE$1 = isLE$1 ? (u) => u : byteSwap32$1;
|
|
6882
6933
|
const hasHexBuiltin$2 = /* @__PURE__ */ (() => typeof Uint8Array.from([]).toHex === "function" && typeof Uint8Array.fromHex === "function")();
|
|
6883
6934
|
const hexes$1 = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, "0"));
|
|
6884
6935
|
/**
|
|
@@ -6895,7 +6946,7 @@ const hexes$1 = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString
|
|
|
6895
6946
|
* ```
|
|
6896
6947
|
*/
|
|
6897
6948
|
function bytesToHex$2(bytes) {
|
|
6898
|
-
abytes$
|
|
6949
|
+
abytes$3(bytes);
|
|
6899
6950
|
if (hasHexBuiltin$2) return bytes.toHex();
|
|
6900
6951
|
let hex = "";
|
|
6901
6952
|
for (let i = 0; i < bytes.length; i++) hex += hexes$1[bytes[i]];
|
|
@@ -6981,7 +7032,7 @@ function utf8ToBytes(str) {
|
|
|
6981
7032
|
*/
|
|
6982
7033
|
function kdfInputToBytes(data, errorTitle = "") {
|
|
6983
7034
|
if (typeof data === "string") return utf8ToBytes(data);
|
|
6984
|
-
return abytes$
|
|
7035
|
+
return abytes$3(data, void 0, errorTitle);
|
|
6985
7036
|
}
|
|
6986
7037
|
/**
|
|
6987
7038
|
* Copies several Uint8Arrays into one.
|
|
@@ -6998,7 +7049,7 @@ function concatBytes$2(...arrays) {
|
|
|
6998
7049
|
let sum = 0;
|
|
6999
7050
|
for (let i = 0; i < arrays.length; i++) {
|
|
7000
7051
|
const a = arrays[i];
|
|
7001
|
-
abytes$
|
|
7052
|
+
abytes$3(a);
|
|
7002
7053
|
sum += a.length;
|
|
7003
7054
|
}
|
|
7004
7055
|
const res = new Uint8Array(sum);
|
|
@@ -7021,7 +7072,7 @@ function concatBytes$2(...arrays) {
|
|
|
7021
7072
|
* checkOpts({ dkLen: 32 }, { asyncTick: 10 });
|
|
7022
7073
|
* ```
|
|
7023
7074
|
*/
|
|
7024
|
-
function checkOpts
|
|
7075
|
+
function checkOpts(defaults, opts) {
|
|
7025
7076
|
if (opts !== void 0 && {}.toString.call(opts) !== "[object Object]") throw new TypeError("options must be object or undefined");
|
|
7026
7077
|
return Object.assign(defaults, opts);
|
|
7027
7078
|
}
|
|
@@ -7069,7 +7120,7 @@ function createHasher$1(hashCons, info = {}) {
|
|
|
7069
7120
|
* ```
|
|
7070
7121
|
*/
|
|
7071
7122
|
function randomBytes$4(bytesLength = 32) {
|
|
7072
|
-
anumber$
|
|
7123
|
+
anumber$3(bytesLength, "bytesLength");
|
|
7073
7124
|
const cr = typeof globalThis === "object" ? globalThis.crypto : null;
|
|
7074
7125
|
if (typeof cr?.getRandomValues !== "function") throw new Error("crypto.getRandomValues must be defined");
|
|
7075
7126
|
if (bytesLength > 65536) throw new RangeError(`"bytesLength" expected <= 65536, got ${bytesLength}`);
|
|
@@ -7177,17 +7228,17 @@ var HashMD$1 = class {
|
|
|
7177
7228
|
this.padOffset = padOffset;
|
|
7178
7229
|
this.isLE = isLE;
|
|
7179
7230
|
this.buffer = new Uint8Array(blockLen);
|
|
7180
|
-
this.view = createView$
|
|
7231
|
+
this.view = createView$1(this.buffer);
|
|
7181
7232
|
}
|
|
7182
7233
|
update(data) {
|
|
7183
|
-
aexists$
|
|
7184
|
-
abytes$
|
|
7234
|
+
aexists$1(this);
|
|
7235
|
+
abytes$3(data);
|
|
7185
7236
|
const { view, buffer, blockLen } = this;
|
|
7186
7237
|
const len = data.length;
|
|
7187
7238
|
for (let pos = 0; pos < len;) {
|
|
7188
7239
|
const take = Math.min(blockLen - this.pos, len - pos);
|
|
7189
7240
|
if (take === blockLen) {
|
|
7190
|
-
const dataView = createView$
|
|
7241
|
+
const dataView = createView$1(data);
|
|
7191
7242
|
for (; blockLen <= len - pos; pos += blockLen) this.process(dataView, pos);
|
|
7192
7243
|
continue;
|
|
7193
7244
|
}
|
|
@@ -7204,13 +7255,13 @@ var HashMD$1 = class {
|
|
|
7204
7255
|
return this;
|
|
7205
7256
|
}
|
|
7206
7257
|
digestInto(out) {
|
|
7207
|
-
aexists$
|
|
7208
|
-
aoutput$
|
|
7258
|
+
aexists$1(this);
|
|
7259
|
+
aoutput$1(out, this);
|
|
7209
7260
|
this.finished = true;
|
|
7210
7261
|
const { buffer, view, blockLen, isLE } = this;
|
|
7211
7262
|
let { pos } = this;
|
|
7212
7263
|
buffer[pos++] = 128;
|
|
7213
|
-
clean$
|
|
7264
|
+
clean$1(this.buffer.subarray(pos));
|
|
7214
7265
|
if (this.padOffset > blockLen - pos) {
|
|
7215
7266
|
this.process(view, 0);
|
|
7216
7267
|
pos = 0;
|
|
@@ -7218,7 +7269,7 @@ var HashMD$1 = class {
|
|
|
7218
7269
|
for (let i = pos; i < blockLen; i++) buffer[i] = 0;
|
|
7219
7270
|
view.setBigUint64(blockLen - 8, BigInt(this.length * 8), isLE);
|
|
7220
7271
|
this.process(view, 0);
|
|
7221
|
-
const oview = createView$
|
|
7272
|
+
const oview = createView$1(out);
|
|
7222
7273
|
const len = this.outputLen;
|
|
7223
7274
|
if (len % 4) throw new Error("_sha2: outputLen must be aligned to 32bit");
|
|
7224
7275
|
const outLen = len / 4;
|
|
@@ -7476,12 +7527,12 @@ var SHA2_32B$1 = class extends HashMD$1 {
|
|
|
7476
7527
|
this.set(A, B, C, D, E, F, G, H);
|
|
7477
7528
|
}
|
|
7478
7529
|
roundClean() {
|
|
7479
|
-
clean$
|
|
7530
|
+
clean$1(SHA256_W$1);
|
|
7480
7531
|
}
|
|
7481
7532
|
destroy() {
|
|
7482
7533
|
this.destroyed = true;
|
|
7483
7534
|
this.set(0, 0, 0, 0, 0, 0, 0, 0);
|
|
7484
|
-
clean$
|
|
7535
|
+
clean$1(this.buffer);
|
|
7485
7536
|
}
|
|
7486
7537
|
};
|
|
7487
7538
|
/** Internal SHA-256 hash class grounded in RFC 6234 §6.2. */
|
|
@@ -7687,11 +7738,11 @@ var SHA2_64B$1 = class extends HashMD$1 {
|
|
|
7687
7738
|
this.set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl);
|
|
7688
7739
|
}
|
|
7689
7740
|
roundClean() {
|
|
7690
|
-
clean$
|
|
7741
|
+
clean$1(SHA512_W_H$1, SHA512_W_L$1);
|
|
7691
7742
|
}
|
|
7692
7743
|
destroy() {
|
|
7693
7744
|
this.destroyed = true;
|
|
7694
|
-
clean$
|
|
7745
|
+
clean$1(this.buffer);
|
|
7695
7746
|
this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
|
|
7696
7747
|
}
|
|
7697
7748
|
};
|
|
@@ -7747,7 +7798,7 @@ const sha512 = /* @__PURE__ */ createHasher$1(() => new _SHA512(), /* @__PURE__
|
|
|
7747
7798
|
|
|
7748
7799
|
//#endregion
|
|
7749
7800
|
//#region ../../packages/credentials-crypto/src/aead.ts
|
|
7750
|
-
const aead = managedNonce(xchacha20poly1305
|
|
7801
|
+
const aead = managedNonce(xchacha20poly1305);
|
|
7751
7802
|
const textEncoder$2 = new TextEncoder();
|
|
7752
7803
|
const KEY_BYTES$1 = 32;
|
|
7753
7804
|
const LENGTH_PREFIX_BYTES = 4;
|
|
@@ -8140,12 +8191,12 @@ function G2b(a, b, c, d, msg, x) {
|
|
|
8140
8191
|
BBUF[2 * d] = Dl, BBUF[2 * d + 1] = Dh;
|
|
8141
8192
|
}
|
|
8142
8193
|
function checkBlake2Opts(outputLen, opts = {}, keyLen, saltLen, persLen) {
|
|
8143
|
-
anumber$
|
|
8194
|
+
anumber$3(keyLen);
|
|
8144
8195
|
if (outputLen <= 0 || outputLen > keyLen) throw new Error("outputLen bigger than keyLen");
|
|
8145
8196
|
const { key, salt, personalization } = opts;
|
|
8146
8197
|
if (key !== void 0 && (key.length < 1 || key.length > keyLen)) throw new Error("\"key\" expected to be undefined or of length=1.." + keyLen);
|
|
8147
|
-
if (salt !== void 0) abytes$
|
|
8148
|
-
if (personalization !== void 0) abytes$
|
|
8198
|
+
if (salt !== void 0) abytes$3(salt, saltLen, "salt");
|
|
8199
|
+
if (personalization !== void 0) abytes$3(personalization, persLen, "personalization");
|
|
8149
8200
|
}
|
|
8150
8201
|
/** Internal base class for BLAKE2. */
|
|
8151
8202
|
var _BLAKE2 = class {
|
|
@@ -8159,16 +8210,16 @@ var _BLAKE2 = class {
|
|
|
8159
8210
|
outputLen;
|
|
8160
8211
|
canXOF = false;
|
|
8161
8212
|
constructor(blockLen, outputLen) {
|
|
8162
|
-
anumber$
|
|
8163
|
-
anumber$
|
|
8213
|
+
anumber$3(blockLen);
|
|
8214
|
+
anumber$3(outputLen);
|
|
8164
8215
|
this.blockLen = blockLen;
|
|
8165
8216
|
this.outputLen = outputLen;
|
|
8166
8217
|
this.buffer = new Uint8Array(blockLen);
|
|
8167
|
-
this.buffer32 = u32$
|
|
8218
|
+
this.buffer32 = u32$1(this.buffer);
|
|
8168
8219
|
}
|
|
8169
8220
|
update(data) {
|
|
8170
|
-
aexists$
|
|
8171
|
-
abytes$
|
|
8221
|
+
aexists$1(this);
|
|
8222
|
+
abytes$3(data);
|
|
8172
8223
|
const { blockLen, buffer, buffer32 } = this;
|
|
8173
8224
|
const len = data.length;
|
|
8174
8225
|
const offset = data.byteOffset;
|
|
@@ -8200,17 +8251,17 @@ var _BLAKE2 = class {
|
|
|
8200
8251
|
return this;
|
|
8201
8252
|
}
|
|
8202
8253
|
digestInto(out) {
|
|
8203
|
-
aexists$
|
|
8204
|
-
aoutput$
|
|
8254
|
+
aexists$1(this);
|
|
8255
|
+
aoutput$1(out, this);
|
|
8205
8256
|
const { pos, buffer32 } = this;
|
|
8206
8257
|
this.finished = true;
|
|
8207
|
-
clean$
|
|
8258
|
+
clean$1(this.buffer.subarray(pos));
|
|
8208
8259
|
swap32IfBE$1(buffer32);
|
|
8209
8260
|
this.compress(buffer32, 0, true);
|
|
8210
8261
|
swap32IfBE$1(buffer32);
|
|
8211
8262
|
if (out.byteOffset & 3) throw new RangeError("\"digestInto() output\" expected 4-byte aligned byteOffset, got " + out.byteOffset);
|
|
8212
8263
|
const state = this.get();
|
|
8213
|
-
const out32 = u32$
|
|
8264
|
+
const out32 = u32$1(out);
|
|
8214
8265
|
const full = Math.floor(this.outputLen / 4);
|
|
8215
8266
|
for (let i = 0; i < full; i++) out32[i] = swap8IfBE(state[i]);
|
|
8216
8267
|
const tail = this.outputLen % 4;
|
|
@@ -8267,21 +8318,21 @@ var _BLAKE2b = class extends _BLAKE2 {
|
|
|
8267
8318
|
let { key, personalization, salt } = opts;
|
|
8268
8319
|
let keyLength = 0;
|
|
8269
8320
|
if (key !== void 0) {
|
|
8270
|
-
abytes$
|
|
8321
|
+
abytes$3(key, void 0, "key");
|
|
8271
8322
|
keyLength = key.length;
|
|
8272
8323
|
}
|
|
8273
8324
|
this.v0l ^= this.outputLen | keyLength << 8 | 16842752;
|
|
8274
8325
|
if (salt !== void 0) {
|
|
8275
|
-
abytes$
|
|
8276
|
-
const slt = u32$
|
|
8326
|
+
abytes$3(salt, void 0, "salt");
|
|
8327
|
+
const slt = u32$1(salt);
|
|
8277
8328
|
this.v4l ^= swap8IfBE(slt[0]);
|
|
8278
8329
|
this.v4h ^= swap8IfBE(slt[1]);
|
|
8279
8330
|
this.v5l ^= swap8IfBE(slt[2]);
|
|
8280
8331
|
this.v5h ^= swap8IfBE(slt[3]);
|
|
8281
8332
|
}
|
|
8282
8333
|
if (personalization !== void 0) {
|
|
8283
|
-
abytes$
|
|
8284
|
-
const pers = u32$
|
|
8334
|
+
abytes$3(personalization, void 0, "personalization");
|
|
8335
|
+
const pers = u32$1(personalization);
|
|
8285
8336
|
this.v6l ^= swap8IfBE(pers[0]);
|
|
8286
8337
|
this.v6h ^= swap8IfBE(pers[1]);
|
|
8287
8338
|
this.v7l ^= swap8IfBE(pers[2]);
|
|
@@ -8378,11 +8429,11 @@ var _BLAKE2b = class extends _BLAKE2 {
|
|
|
8378
8429
|
this.v6h ^= BBUF[13] ^ BBUF[29];
|
|
8379
8430
|
this.v7l ^= BBUF[14] ^ BBUF[30];
|
|
8380
8431
|
this.v7h ^= BBUF[15] ^ BBUF[31];
|
|
8381
|
-
clean$
|
|
8432
|
+
clean$1(BBUF);
|
|
8382
8433
|
}
|
|
8383
8434
|
destroy() {
|
|
8384
8435
|
this.destroyed = true;
|
|
8385
|
-
clean$
|
|
8436
|
+
clean$1(this.buffer32);
|
|
8386
8437
|
this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
|
|
8387
8438
|
}
|
|
8388
8439
|
};
|
|
@@ -8516,7 +8567,7 @@ function block(x, xPos, yPos, outPos, needXor) {
|
|
|
8516
8567
|
for (let i = 0; i < 16; i += 2) P(i, i + 1, i + 16, i + 17, i + 32, i + 33, i + 48, i + 49, i + 64, i + 65, i + 80, i + 81, i + 96, i + 97, i + 112, i + 113);
|
|
8517
8568
|
if (needXor) for (let i = 0; i < 256; i++) x[outPos + i] ^= A2_BUF[i] ^ x[xPos + i] ^ x[yPos + i];
|
|
8518
8569
|
else for (let i = 0; i < 256; i++) x[outPos + i] = A2_BUF[i] ^ x[xPos + i] ^ x[yPos + i];
|
|
8519
|
-
clean$
|
|
8570
|
+
clean$1(A2_BUF);
|
|
8520
8571
|
}
|
|
8521
8572
|
function Hp(A, dkLen) {
|
|
8522
8573
|
const A8 = u8(A);
|
|
@@ -8536,7 +8587,7 @@ function Hp(A, dkLen) {
|
|
|
8536
8587
|
out.set(V.subarray(0, 32), pos);
|
|
8537
8588
|
}
|
|
8538
8589
|
out.set(blake2b(V, { dkLen: dkLen - pos }), pos);
|
|
8539
|
-
clean$
|
|
8590
|
+
clean$1(V, T);
|
|
8540
8591
|
return out;
|
|
8541
8592
|
}
|
|
8542
8593
|
function indexAlpha(r, s, laneLen, segmentLen, index, randL, sameLane = false) {
|
|
@@ -8566,7 +8617,7 @@ function argon2Opts(opts) {
|
|
|
8566
8617
|
if (!isU32(m)) throw new Error("\"m\" must be 0..2^32");
|
|
8567
8618
|
if (!isU32(t) || t < 1) throw new Error("\"t\" (iterations) must be 1..2^32");
|
|
8568
8619
|
if (onProgress !== void 0 && typeof onProgress !== "function") throw new Error("\"progressCb\" must be a function");
|
|
8569
|
-
anumber$
|
|
8620
|
+
anumber$3(asyncTick, "asyncTick");
|
|
8570
8621
|
if (!isU32(m) || m < 8 * p) throw new Error("\"m\" (memory) must be at least 8*p bytes");
|
|
8571
8622
|
if (version !== 16 && version !== 19) throw new Error("\"version\" must be 0x10 or 0x13, got " + version);
|
|
8572
8623
|
return merged;
|
|
@@ -8618,9 +8669,9 @@ function argon2Init(password, salt, type, opts) {
|
|
|
8618
8669
|
const i = 256 * laneLen * l;
|
|
8619
8670
|
H0[17] = swap8IfBE(l);
|
|
8620
8671
|
H0[16] = swap8IfBE(0);
|
|
8621
|
-
B.set(swap32IfBE$1(u32$
|
|
8672
|
+
B.set(swap32IfBE$1(u32$1(Hp(H0, 1024))), i);
|
|
8622
8673
|
H0[16] = swap8IfBE(1);
|
|
8623
|
-
B.set(swap32IfBE$1(u32$
|
|
8674
|
+
B.set(swap32IfBE$1(u32$1(Hp(H0, 1024))), i + 256);
|
|
8624
8675
|
}
|
|
8625
8676
|
let perBlock = () => {};
|
|
8626
8677
|
if (onProgress) {
|
|
@@ -8632,7 +8683,7 @@ function argon2Init(password, salt, type, opts) {
|
|
|
8632
8683
|
if (onProgress && (!(blockCnt % callbackPer) || blockCnt === totalBlock)) onProgress(blockCnt / totalBlock);
|
|
8633
8684
|
};
|
|
8634
8685
|
}
|
|
8635
|
-
clean$
|
|
8686
|
+
clean$1(BUF, H0);
|
|
8636
8687
|
return {
|
|
8637
8688
|
type,
|
|
8638
8689
|
mP,
|
|
@@ -8652,7 +8703,7 @@ function argon2Output(B, p, laneLen, dkLen) {
|
|
|
8652
8703
|
const B_final = new Uint32Array(256);
|
|
8653
8704
|
for (let l = 0; l < p; l++) for (let j = 0; j < 256; j++) B_final[j] ^= B[256 * (laneLen * l + laneLen - 1) + j];
|
|
8654
8705
|
const res = Hp(swap32IfBE$1(B_final), dkLen);
|
|
8655
|
-
clean$
|
|
8706
|
+
clean$1(B, B_final);
|
|
8656
8707
|
return res;
|
|
8657
8708
|
}
|
|
8658
8709
|
function processBlock(B, address, l, r, s, index, laneLen, segmentLen, lanes, offset, prev, dataIndependent, needXor) {
|
|
@@ -8710,7 +8761,7 @@ function argon2(type, password, salt, opts) {
|
|
|
8710
8761
|
}
|
|
8711
8762
|
}
|
|
8712
8763
|
}
|
|
8713
|
-
clean$
|
|
8764
|
+
clean$1(address);
|
|
8714
8765
|
return argon2Output(B, p, laneLen, dkLen);
|
|
8715
8766
|
}
|
|
8716
8767
|
/**
|
|
@@ -8749,7 +8800,7 @@ var _HMAC$1 = class {
|
|
|
8749
8800
|
destroyed = false;
|
|
8750
8801
|
constructor(hash, key) {
|
|
8751
8802
|
ahash$1(hash);
|
|
8752
|
-
abytes$
|
|
8803
|
+
abytes$3(key, void 0, "key");
|
|
8753
8804
|
this.iHash = hash.create();
|
|
8754
8805
|
if (typeof this.iHash.update !== "function") throw new Error("Expected instance of class which extends utils.Hash");
|
|
8755
8806
|
this.blockLen = this.iHash.blockLen;
|
|
@@ -8762,16 +8813,16 @@ var _HMAC$1 = class {
|
|
|
8762
8813
|
this.oHash = hash.create();
|
|
8763
8814
|
for (let i = 0; i < pad.length; i++) pad[i] ^= 106;
|
|
8764
8815
|
this.oHash.update(pad);
|
|
8765
|
-
clean$
|
|
8816
|
+
clean$1(pad);
|
|
8766
8817
|
}
|
|
8767
8818
|
update(buf) {
|
|
8768
|
-
aexists$
|
|
8819
|
+
aexists$1(this);
|
|
8769
8820
|
this.iHash.update(buf);
|
|
8770
8821
|
return this;
|
|
8771
8822
|
}
|
|
8772
8823
|
digestInto(out) {
|
|
8773
|
-
aexists$
|
|
8774
|
-
aoutput$
|
|
8824
|
+
aexists$1(this);
|
|
8825
|
+
aoutput$1(out, this);
|
|
8775
8826
|
this.finished = true;
|
|
8776
8827
|
const buf = out.subarray(0, this.outputLen);
|
|
8777
8828
|
this.iHash.digestInto(buf);
|
|
@@ -8862,14 +8913,14 @@ const EMPTY_BUFFER$1 = /* @__PURE__ */ Uint8Array.of();
|
|
|
8862
8913
|
*/
|
|
8863
8914
|
function expand$1(hash, prk, info, length = 32) {
|
|
8864
8915
|
ahash$1(hash);
|
|
8865
|
-
anumber$
|
|
8866
|
-
abytes$
|
|
8916
|
+
anumber$3(length, "length");
|
|
8917
|
+
abytes$3(prk, void 0, "prk");
|
|
8867
8918
|
const olen = hash.outputLen;
|
|
8868
8919
|
if (prk.length < olen) throw new Error("\"prk\" must be at least HashLen octets");
|
|
8869
8920
|
if (length > 255 * olen) throw new Error("Length must be <= 255*HashLen");
|
|
8870
8921
|
const blocks = Math.ceil(length / olen);
|
|
8871
8922
|
if (info === void 0) info = EMPTY_BUFFER$1;
|
|
8872
|
-
else abytes$
|
|
8923
|
+
else abytes$3(info, void 0, "info");
|
|
8873
8924
|
const okm = new Uint8Array(blocks * olen);
|
|
8874
8925
|
const HMAC = hmac$1.create(hash, prk);
|
|
8875
8926
|
const HMACTmp = HMAC._cloneInto();
|
|
@@ -8882,7 +8933,7 @@ function expand$1(hash, prk, info, length = 32) {
|
|
|
8882
8933
|
}
|
|
8883
8934
|
HMAC.destroy();
|
|
8884
8935
|
HMACTmp.destroy();
|
|
8885
|
-
clean$
|
|
8936
|
+
clean$1(T, HKDF_COUNTER$1);
|
|
8886
8937
|
return okm.slice(0, length);
|
|
8887
8938
|
}
|
|
8888
8939
|
/**
|
|
@@ -8914,12 +8965,12 @@ const hkdf = (hash, ikm, salt, info, length) => expand$1(hash, extract$1(hash, i
|
|
|
8914
8965
|
//#endregion
|
|
8915
8966
|
//#region ../../node_modules/.bun/@scure+base@2.2.0/node_modules/@scure/base/index.js
|
|
8916
8967
|
/*! scure-base - MIT License (c) 2022 Paul Miller (paulmillr.com) */
|
|
8917
|
-
function isBytes$
|
|
8968
|
+
function isBytes$2(a) {
|
|
8918
8969
|
return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array" && "BYTES_PER_ELEMENT" in a && a.BYTES_PER_ELEMENT === 1;
|
|
8919
8970
|
}
|
|
8920
8971
|
/** Asserts something is Uint8Array. */
|
|
8921
|
-
function abytes$
|
|
8922
|
-
if (!isBytes$
|
|
8972
|
+
function abytes$2(b) {
|
|
8973
|
+
if (!isBytes$2(b)) throw new TypeError("Uint8Array expected");
|
|
8923
8974
|
}
|
|
8924
8975
|
function isArrayOf(isString, arr) {
|
|
8925
8976
|
if (!Array.isArray(arr)) return false;
|
|
@@ -8935,7 +8986,7 @@ function astr(label, input) {
|
|
|
8935
8986
|
if (typeof input !== "string") throw new TypeError(`${label}: string expected`);
|
|
8936
8987
|
return true;
|
|
8937
8988
|
}
|
|
8938
|
-
function anumber$
|
|
8989
|
+
function anumber$2(n) {
|
|
8939
8990
|
if (typeof n !== "number") throw new TypeError(`number expected, got ${typeof n}`);
|
|
8940
8991
|
if (!Number.isSafeInteger(n)) throw new RangeError(`invalid integer: ${n}`);
|
|
8941
8992
|
}
|
|
@@ -9009,7 +9060,7 @@ function join(separator = "") {
|
|
|
9009
9060
|
* @__NO_SIDE_EFFECTS__
|
|
9010
9061
|
*/
|
|
9011
9062
|
function padding(bits, chr = "=") {
|
|
9012
|
-
anumber$
|
|
9063
|
+
anumber$2(bits);
|
|
9013
9064
|
astr("padding", chr);
|
|
9014
9065
|
return {
|
|
9015
9066
|
encode(data) {
|
|
@@ -9057,7 +9108,7 @@ function convertRadix2(data, from, to, padding) {
|
|
|
9057
9108
|
const mask = powers[to] - 1;
|
|
9058
9109
|
const res = [];
|
|
9059
9110
|
for (const n of data) {
|
|
9060
|
-
anumber$
|
|
9111
|
+
anumber$2(n);
|
|
9061
9112
|
if (n >= max) throw new Error(`convertRadix2: invalid data word=${n} from=${from}`);
|
|
9062
9113
|
carry = carry << from | n;
|
|
9063
9114
|
if (pos + from > 32) throw new Error(`convertRadix2: carry overflow pos=${pos} from=${from}`);
|
|
@@ -9079,12 +9130,12 @@ function convertRadix2(data, from, to, padding) {
|
|
|
9079
9130
|
* @__NO_SIDE_EFFECTS__
|
|
9080
9131
|
*/
|
|
9081
9132
|
function radix2(bits, revPadding = false) {
|
|
9082
|
-
anumber$
|
|
9133
|
+
anumber$2(bits);
|
|
9083
9134
|
if (bits <= 0 || bits > 32) throw new RangeError("radix2: bits should be in (0..32]");
|
|
9084
9135
|
if (/* @__PURE__ */ radix2carry(8, bits) > 32 || /* @__PURE__ */ radix2carry(bits, 8) > 32) throw new RangeError("radix2: carry overflow");
|
|
9085
9136
|
return {
|
|
9086
9137
|
encode: (bytes) => {
|
|
9087
|
-
if (!isBytes$
|
|
9138
|
+
if (!isBytes$2(bytes)) throw new TypeError("radix2.encode input should be Uint8Array");
|
|
9088
9139
|
return convertRadix2(Array.from(bytes), 8, bits, !revPadding);
|
|
9089
9140
|
},
|
|
9090
9141
|
decode: (digits) => {
|
|
@@ -9206,7 +9257,7 @@ const decodeBase64Builtin = (s, isUrl) => {
|
|
|
9206
9257
|
*/
|
|
9207
9258
|
const base64 = /* @__PURE__ */ Object.freeze(hasBase64Builtin ? {
|
|
9208
9259
|
encode(b) {
|
|
9209
|
-
abytes$
|
|
9260
|
+
abytes$2(b);
|
|
9210
9261
|
return b.toBase64();
|
|
9211
9262
|
},
|
|
9212
9263
|
decode(s) {
|
|
@@ -9239,7 +9290,7 @@ const base64nopad = /* @__PURE__ */ Object.freeze(chain(radix2(6), alphabet("ABC
|
|
|
9239
9290
|
*/
|
|
9240
9291
|
const base64url = /* @__PURE__ */ Object.freeze(hasBase64Builtin ? {
|
|
9241
9292
|
encode(b) {
|
|
9242
|
-
abytes$
|
|
9293
|
+
abytes$2(b);
|
|
9243
9294
|
return b.toBase64({ alphabet: "base64url" });
|
|
9244
9295
|
},
|
|
9245
9296
|
decode(s) {
|
|
@@ -9298,7 +9349,7 @@ function genBech32(encoding) {
|
|
|
9298
9349
|
const fromWordsUnsafe = unsafeWrapper(fromWords);
|
|
9299
9350
|
function encode(prefix, words, limit = 90) {
|
|
9300
9351
|
astr("bech32.encode prefix", prefix);
|
|
9301
|
-
if (isBytes$
|
|
9352
|
+
if (isBytes$2(words)) words = Array.from(words);
|
|
9302
9353
|
anumArr("bech32.encode", words);
|
|
9303
9354
|
const plen = prefix.length;
|
|
9304
9355
|
if (plen === 0) throw new TypeError(`Invalid prefix length ${plen}`);
|
|
@@ -9378,7 +9429,7 @@ const bech32m = /* @__PURE__ */ Object.freeze(genBech32("bech32m"));
|
|
|
9378
9429
|
const hasHexBuiltin$1 = /* @__PURE__ */ (() => typeof Uint8Array.from([]).toHex === "function" && typeof Uint8Array.fromHex === "function")();
|
|
9379
9430
|
const hexBuiltin = {
|
|
9380
9431
|
encode(data) {
|
|
9381
|
-
abytes$
|
|
9432
|
+
abytes$2(data);
|
|
9382
9433
|
return data.toHex();
|
|
9383
9434
|
},
|
|
9384
9435
|
decode(s) {
|
|
@@ -9408,13 +9459,13 @@ const hex = /* @__PURE__ */ Object.freeze(hasHexBuiltin$1 ? hexBuiltin : chain(r
|
|
|
9408
9459
|
*/
|
|
9409
9460
|
function pbkdf2Init(hash, _password, _salt, _opts) {
|
|
9410
9461
|
ahash$1(hash);
|
|
9411
|
-
const { c, dkLen, asyncTick } = checkOpts
|
|
9462
|
+
const { c, dkLen, asyncTick } = checkOpts({
|
|
9412
9463
|
dkLen: 32,
|
|
9413
9464
|
asyncTick: 10
|
|
9414
9465
|
}, _opts);
|
|
9415
|
-
anumber$
|
|
9416
|
-
anumber$
|
|
9417
|
-
anumber$
|
|
9466
|
+
anumber$3(c, "c");
|
|
9467
|
+
anumber$3(dkLen, "dkLen");
|
|
9468
|
+
anumber$3(asyncTick, "asyncTick");
|
|
9418
9469
|
if (c < 1) throw new Error("iterations (c) must be >= 1");
|
|
9419
9470
|
if (dkLen < 1) throw new Error("\"dkLen\" must be >= 1");
|
|
9420
9471
|
if (dkLen > (2 ** 32 - 1) * hash.outputLen) throw new Error("derived key too long");
|
|
@@ -9435,7 +9486,7 @@ function pbkdf2Output(PRF, PRFSalt, DK, prfW, u) {
|
|
|
9435
9486
|
PRF.destroy();
|
|
9436
9487
|
PRFSalt.destroy();
|
|
9437
9488
|
if (prfW) prfW.destroy();
|
|
9438
|
-
clean$
|
|
9489
|
+
clean$1(u);
|
|
9439
9490
|
return DK;
|
|
9440
9491
|
}
|
|
9441
9492
|
/**
|
|
@@ -9460,7 +9511,7 @@ function pbkdf2(hash, password, salt, opts) {
|
|
|
9460
9511
|
const { c, dkLen, DK, PRF, PRFSalt } = pbkdf2Init(hash, password, salt, opts);
|
|
9461
9512
|
let prfW;
|
|
9462
9513
|
const arr = new Uint8Array(4);
|
|
9463
|
-
const view = createView$
|
|
9514
|
+
const view = createView$1(arr);
|
|
9464
9515
|
const u = new Uint8Array(PRF.outputLen);
|
|
9465
9516
|
for (let ti = 1, pos = 0; pos < dkLen; ti++, pos += PRF.outputLen) {
|
|
9466
9517
|
const Ti = DK.subarray(pos, pos + PRF.outputLen);
|
|
@@ -9492,38 +9543,38 @@ function XorAndSalsa(prev, pi, input, ii, out, oi) {
|
|
|
9492
9543
|
let y14 = prev[pi++] ^ input[ii++], y15 = prev[pi++] ^ input[ii++];
|
|
9493
9544
|
let x00 = y00, x01 = y01, x02 = y02, x03 = y03, x04 = y04, x05 = y05, x06 = y06, x07 = y07, x08 = y08, x09 = y09, x10 = y10, x11 = y11, x12 = y12, x13 = y13, x14 = y14, x15 = y15;
|
|
9494
9545
|
for (let i = 0; i < 8; i += 2) {
|
|
9495
|
-
x04 ^= rotl
|
|
9496
|
-
x08 ^= rotl
|
|
9497
|
-
x12 ^= rotl
|
|
9498
|
-
x00 ^= rotl
|
|
9499
|
-
x09 ^= rotl
|
|
9500
|
-
x13 ^= rotl
|
|
9501
|
-
x01 ^= rotl
|
|
9502
|
-
x05 ^= rotl
|
|
9503
|
-
x14 ^= rotl
|
|
9504
|
-
x02 ^= rotl
|
|
9505
|
-
x06 ^= rotl
|
|
9506
|
-
x10 ^= rotl
|
|
9507
|
-
x03 ^= rotl
|
|
9508
|
-
x07 ^= rotl
|
|
9509
|
-
x11 ^= rotl
|
|
9510
|
-
x15 ^= rotl
|
|
9511
|
-
x01 ^= rotl
|
|
9512
|
-
x02 ^= rotl
|
|
9513
|
-
x03 ^= rotl
|
|
9514
|
-
x00 ^= rotl
|
|
9515
|
-
x06 ^= rotl
|
|
9516
|
-
x07 ^= rotl
|
|
9517
|
-
x04 ^= rotl
|
|
9518
|
-
x05 ^= rotl
|
|
9519
|
-
x11 ^= rotl
|
|
9520
|
-
x08 ^= rotl
|
|
9521
|
-
x09 ^= rotl
|
|
9522
|
-
x10 ^= rotl
|
|
9523
|
-
x12 ^= rotl
|
|
9524
|
-
x13 ^= rotl
|
|
9525
|
-
x14 ^= rotl
|
|
9526
|
-
x15 ^= rotl
|
|
9546
|
+
x04 ^= rotl(x00 + x12 | 0, 7);
|
|
9547
|
+
x08 ^= rotl(x04 + x00 | 0, 9);
|
|
9548
|
+
x12 ^= rotl(x08 + x04 | 0, 13);
|
|
9549
|
+
x00 ^= rotl(x12 + x08 | 0, 18);
|
|
9550
|
+
x09 ^= rotl(x05 + x01 | 0, 7);
|
|
9551
|
+
x13 ^= rotl(x09 + x05 | 0, 9);
|
|
9552
|
+
x01 ^= rotl(x13 + x09 | 0, 13);
|
|
9553
|
+
x05 ^= rotl(x01 + x13 | 0, 18);
|
|
9554
|
+
x14 ^= rotl(x10 + x06 | 0, 7);
|
|
9555
|
+
x02 ^= rotl(x14 + x10 | 0, 9);
|
|
9556
|
+
x06 ^= rotl(x02 + x14 | 0, 13);
|
|
9557
|
+
x10 ^= rotl(x06 + x02 | 0, 18);
|
|
9558
|
+
x03 ^= rotl(x15 + x11 | 0, 7);
|
|
9559
|
+
x07 ^= rotl(x03 + x15 | 0, 9);
|
|
9560
|
+
x11 ^= rotl(x07 + x03 | 0, 13);
|
|
9561
|
+
x15 ^= rotl(x11 + x07 | 0, 18);
|
|
9562
|
+
x01 ^= rotl(x00 + x03 | 0, 7);
|
|
9563
|
+
x02 ^= rotl(x01 + x00 | 0, 9);
|
|
9564
|
+
x03 ^= rotl(x02 + x01 | 0, 13);
|
|
9565
|
+
x00 ^= rotl(x03 + x02 | 0, 18);
|
|
9566
|
+
x06 ^= rotl(x05 + x04 | 0, 7);
|
|
9567
|
+
x07 ^= rotl(x06 + x05 | 0, 9);
|
|
9568
|
+
x04 ^= rotl(x07 + x06 | 0, 13);
|
|
9569
|
+
x05 ^= rotl(x04 + x07 | 0, 18);
|
|
9570
|
+
x11 ^= rotl(x10 + x09 | 0, 7);
|
|
9571
|
+
x08 ^= rotl(x11 + x10 | 0, 9);
|
|
9572
|
+
x09 ^= rotl(x08 + x11 | 0, 13);
|
|
9573
|
+
x10 ^= rotl(x09 + x08 | 0, 18);
|
|
9574
|
+
x12 ^= rotl(x15 + x14 | 0, 7);
|
|
9575
|
+
x13 ^= rotl(x12 + x15 | 0, 9);
|
|
9576
|
+
x14 ^= rotl(x13 + x12 | 0, 13);
|
|
9577
|
+
x15 ^= rotl(x14 + x13 | 0, 18);
|
|
9527
9578
|
}
|
|
9528
9579
|
out[oi++] = y00 + x00 | 0;
|
|
9529
9580
|
out[oi++] = y01 + x01 | 0;
|
|
@@ -9553,17 +9604,17 @@ function BlockMix(input, ii, out, oi, r) {
|
|
|
9553
9604
|
}
|
|
9554
9605
|
}
|
|
9555
9606
|
function scryptInit(password, salt, _opts) {
|
|
9556
|
-
const { N, r, p, dkLen, asyncTick, maxmem, onProgress } = checkOpts
|
|
9607
|
+
const { N, r, p, dkLen, asyncTick, maxmem, onProgress } = checkOpts({
|
|
9557
9608
|
dkLen: 32,
|
|
9558
9609
|
asyncTick: 10,
|
|
9559
9610
|
maxmem: 1024 ** 3 + 1024
|
|
9560
9611
|
}, _opts);
|
|
9561
|
-
anumber$
|
|
9562
|
-
anumber$
|
|
9563
|
-
anumber$
|
|
9564
|
-
anumber$
|
|
9565
|
-
anumber$
|
|
9566
|
-
anumber$
|
|
9612
|
+
anumber$3(N, "N");
|
|
9613
|
+
anumber$3(r, "r");
|
|
9614
|
+
anumber$3(p, "p");
|
|
9615
|
+
anumber$3(dkLen, "dkLen");
|
|
9616
|
+
anumber$3(asyncTick, "asyncTick");
|
|
9617
|
+
anumber$3(maxmem, "maxmem");
|
|
9567
9618
|
if (onProgress !== void 0 && typeof onProgress !== "function") throw new Error("progressCb must be a function");
|
|
9568
9619
|
const blockSize = 128 * r;
|
|
9569
9620
|
const blockSize32 = blockSize / 4;
|
|
@@ -9577,9 +9628,9 @@ function scryptInit(password, salt, _opts) {
|
|
|
9577
9628
|
c: 1,
|
|
9578
9629
|
dkLen: blockSize * p
|
|
9579
9630
|
});
|
|
9580
|
-
const B32 = u32$
|
|
9581
|
-
const V = u32$
|
|
9582
|
-
const tmp = u32$
|
|
9631
|
+
const B32 = u32$1(B);
|
|
9632
|
+
const V = u32$1(new Uint8Array(blockSize * N));
|
|
9633
|
+
const tmp = u32$1(new Uint8Array(blockSize));
|
|
9583
9634
|
let blockMixCb = () => {};
|
|
9584
9635
|
if (onProgress) {
|
|
9585
9636
|
const totalBlockMix = 2 * N * p;
|
|
@@ -9609,7 +9660,7 @@ function scryptOutput(password, dkLen, B, V, tmp) {
|
|
|
9609
9660
|
c: 1,
|
|
9610
9661
|
dkLen
|
|
9611
9662
|
});
|
|
9612
|
-
clean$
|
|
9663
|
+
clean$1(B, V, tmp);
|
|
9613
9664
|
return res;
|
|
9614
9665
|
}
|
|
9615
9666
|
/**
|
|
@@ -9650,843 +9701,6 @@ function scrypt(password, salt, opts) {
|
|
|
9650
9701
|
return scryptOutput(password, dkLen, B, V, tmp);
|
|
9651
9702
|
}
|
|
9652
9703
|
|
|
9653
|
-
//#endregion
|
|
9654
|
-
//#region ../../node_modules/.bun/@noble+ciphers@2.1.1/node_modules/@noble/ciphers/utils.js
|
|
9655
|
-
/**
|
|
9656
|
-
* Utilities for hex, bytes, CSPRNG.
|
|
9657
|
-
* @module
|
|
9658
|
-
*/
|
|
9659
|
-
/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */
|
|
9660
|
-
/** Checks if something is Uint8Array. Be careful: nodejs Buffer will return true. */
|
|
9661
|
-
function isBytes$2(a) {
|
|
9662
|
-
return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
|
|
9663
|
-
}
|
|
9664
|
-
/** Asserts something is boolean. */
|
|
9665
|
-
function abool$2(b) {
|
|
9666
|
-
if (typeof b !== "boolean") throw new Error(`boolean expected, not ${b}`);
|
|
9667
|
-
}
|
|
9668
|
-
/** Asserts something is positive integer. */
|
|
9669
|
-
function anumber$2(n) {
|
|
9670
|
-
if (!Number.isSafeInteger(n) || n < 0) throw new Error("positive integer expected, got " + n);
|
|
9671
|
-
}
|
|
9672
|
-
/** Asserts something is Uint8Array. */
|
|
9673
|
-
function abytes$2(value, length, title = "") {
|
|
9674
|
-
const bytes = isBytes$2(value);
|
|
9675
|
-
const len = value?.length;
|
|
9676
|
-
const needsLen = length !== void 0;
|
|
9677
|
-
if (!bytes || needsLen && len !== length) {
|
|
9678
|
-
const prefix = title && `"${title}" `;
|
|
9679
|
-
const ofLen = needsLen ? ` of length ${length}` : "";
|
|
9680
|
-
const got = bytes ? `length=${len}` : `type=${typeof value}`;
|
|
9681
|
-
throw new Error(prefix + "expected Uint8Array" + ofLen + ", got " + got);
|
|
9682
|
-
}
|
|
9683
|
-
return value;
|
|
9684
|
-
}
|
|
9685
|
-
/** Asserts a hash instance has not been destroyed / finished */
|
|
9686
|
-
function aexists$1(instance, checkFinished = true) {
|
|
9687
|
-
if (instance.destroyed) throw new Error("Hash instance has been destroyed");
|
|
9688
|
-
if (checkFinished && instance.finished) throw new Error("Hash#digest() has already been called");
|
|
9689
|
-
}
|
|
9690
|
-
/** Asserts output is properly-sized byte array */
|
|
9691
|
-
function aoutput$1(out, instance) {
|
|
9692
|
-
abytes$2(out, void 0, "output");
|
|
9693
|
-
const min = instance.outputLen;
|
|
9694
|
-
if (out.length < min) throw new Error("digestInto() expects output buffer of length at least " + min);
|
|
9695
|
-
}
|
|
9696
|
-
/** Cast u8 / u16 / u32 to u32. */
|
|
9697
|
-
function u32$1(arr) {
|
|
9698
|
-
return new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));
|
|
9699
|
-
}
|
|
9700
|
-
/** Zeroize a byte array. Warning: JS provides no guarantees. */
|
|
9701
|
-
function clean$1(...arrays) {
|
|
9702
|
-
for (let i = 0; i < arrays.length; i++) arrays[i].fill(0);
|
|
9703
|
-
}
|
|
9704
|
-
/** Create DataView of an array for easy byte-level manipulation. */
|
|
9705
|
-
function createView$1(arr) {
|
|
9706
|
-
return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
|
|
9707
|
-
}
|
|
9708
|
-
/** Is current platform little-endian? Most are. Big-Endian platform: IBM */
|
|
9709
|
-
const isLE$1 = /* @__PURE__ */ (() => new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68)();
|
|
9710
|
-
function checkOpts(defaults, opts) {
|
|
9711
|
-
if (opts == null || typeof opts !== "object") throw new Error("options must be defined");
|
|
9712
|
-
return Object.assign(defaults, opts);
|
|
9713
|
-
}
|
|
9714
|
-
/** Compares 2 uint8array-s in kinda constant time. */
|
|
9715
|
-
function equalBytes$2(a, b) {
|
|
9716
|
-
if (a.length !== b.length) return false;
|
|
9717
|
-
let diff = 0;
|
|
9718
|
-
for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
|
|
9719
|
-
return diff === 0;
|
|
9720
|
-
}
|
|
9721
|
-
/**
|
|
9722
|
-
* Wraps a cipher: validates args, ensures encrypt() can only be called once.
|
|
9723
|
-
* @__NO_SIDE_EFFECTS__
|
|
9724
|
-
*/
|
|
9725
|
-
const wrapCipher = (params, constructor) => {
|
|
9726
|
-
function wrappedCipher(key, ...args) {
|
|
9727
|
-
abytes$2(key, void 0, "key");
|
|
9728
|
-
if (!isLE$1) throw new Error("Non little-endian hardware is not yet supported");
|
|
9729
|
-
if (params.nonceLength !== void 0) {
|
|
9730
|
-
const nonce = args[0];
|
|
9731
|
-
abytes$2(nonce, params.varSizeNonce ? void 0 : params.nonceLength, "nonce");
|
|
9732
|
-
}
|
|
9733
|
-
const tagl = params.tagLength;
|
|
9734
|
-
if (tagl && args[1] !== void 0) abytes$2(args[1], void 0, "AAD");
|
|
9735
|
-
const cipher = constructor(key, ...args);
|
|
9736
|
-
const checkOutput = (fnLength, output) => {
|
|
9737
|
-
if (output !== void 0) {
|
|
9738
|
-
if (fnLength !== 2) throw new Error("cipher output not supported");
|
|
9739
|
-
abytes$2(output, void 0, "output");
|
|
9740
|
-
}
|
|
9741
|
-
};
|
|
9742
|
-
let called = false;
|
|
9743
|
-
return {
|
|
9744
|
-
encrypt(data, output) {
|
|
9745
|
-
if (called) throw new Error("cannot encrypt() twice with same key + nonce");
|
|
9746
|
-
called = true;
|
|
9747
|
-
abytes$2(data);
|
|
9748
|
-
checkOutput(cipher.encrypt.length, output);
|
|
9749
|
-
return cipher.encrypt(data, output);
|
|
9750
|
-
},
|
|
9751
|
-
decrypt(data, output) {
|
|
9752
|
-
abytes$2(data);
|
|
9753
|
-
if (tagl && data.length < tagl) throw new Error("\"ciphertext\" expected length bigger than tagLength=" + tagl);
|
|
9754
|
-
checkOutput(cipher.decrypt.length, output);
|
|
9755
|
-
return cipher.decrypt(data, output);
|
|
9756
|
-
}
|
|
9757
|
-
};
|
|
9758
|
-
}
|
|
9759
|
-
Object.assign(wrappedCipher, params);
|
|
9760
|
-
return wrappedCipher;
|
|
9761
|
-
};
|
|
9762
|
-
/**
|
|
9763
|
-
* By default, returns u8a of length.
|
|
9764
|
-
* When out is available, it checks it for validity and uses it.
|
|
9765
|
-
*/
|
|
9766
|
-
function getOutput(expectedLength, out, onlyAligned = true) {
|
|
9767
|
-
if (out === void 0) return new Uint8Array(expectedLength);
|
|
9768
|
-
if (out.length !== expectedLength) throw new Error("\"output\" expected Uint8Array of length " + expectedLength + ", got: " + out.length);
|
|
9769
|
-
if (onlyAligned && !isAligned32$1(out)) throw new Error("invalid output, must be aligned");
|
|
9770
|
-
return out;
|
|
9771
|
-
}
|
|
9772
|
-
function u64Lengths(dataLength, aadLength, isLE) {
|
|
9773
|
-
abool$2(isLE);
|
|
9774
|
-
const num = new Uint8Array(16);
|
|
9775
|
-
const view = createView$1(num);
|
|
9776
|
-
view.setBigUint64(0, BigInt(aadLength), isLE);
|
|
9777
|
-
view.setBigUint64(8, BigInt(dataLength), isLE);
|
|
9778
|
-
return num;
|
|
9779
|
-
}
|
|
9780
|
-
function isAligned32$1(bytes) {
|
|
9781
|
-
return bytes.byteOffset % 4 === 0;
|
|
9782
|
-
}
|
|
9783
|
-
function copyBytes$3(bytes) {
|
|
9784
|
-
return Uint8Array.from(bytes);
|
|
9785
|
-
}
|
|
9786
|
-
|
|
9787
|
-
//#endregion
|
|
9788
|
-
//#region ../../node_modules/.bun/@noble+ciphers@2.1.1/node_modules/@noble/ciphers/_arx.js
|
|
9789
|
-
/**
|
|
9790
|
-
* Basic utils for ARX (add-rotate-xor) salsa and chacha ciphers.
|
|
9791
|
-
|
|
9792
|
-
RFC8439 requires multi-step cipher stream, where
|
|
9793
|
-
authKey starts with counter: 0, actual msg with counter: 1.
|
|
9794
|
-
|
|
9795
|
-
For this, we need a way to re-use nonce / counter:
|
|
9796
|
-
|
|
9797
|
-
const counter = new Uint8Array(4);
|
|
9798
|
-
chacha(..., counter, ...); // counter is now 1
|
|
9799
|
-
chacha(..., counter, ...); // counter is now 2
|
|
9800
|
-
|
|
9801
|
-
This is complicated:
|
|
9802
|
-
|
|
9803
|
-
- 32-bit counters are enough, no need for 64-bit: max ArrayBuffer size in JS is 4GB
|
|
9804
|
-
- Original papers don't allow mutating counters
|
|
9805
|
-
- Counter overflow is undefined [^1]
|
|
9806
|
-
- Idea A: allow providing (nonce | counter) instead of just nonce, re-use it
|
|
9807
|
-
- Caveat: Cannot be re-used through all cases:
|
|
9808
|
-
- * chacha has (counter | nonce)
|
|
9809
|
-
- * xchacha has (nonce16 | counter | nonce16)
|
|
9810
|
-
- Idea B: separate nonce / counter and provide separate API for counter re-use
|
|
9811
|
-
- Caveat: there are different counter sizes depending on an algorithm.
|
|
9812
|
-
- salsa & chacha also differ in structures of key & sigma:
|
|
9813
|
-
salsa20: s[0] | k(4) | s[1] | nonce(2) | cnt(2) | s[2] | k(4) | s[3]
|
|
9814
|
-
chacha: s(4) | k(8) | cnt(1) | nonce(3)
|
|
9815
|
-
chacha20orig: s(4) | k(8) | cnt(2) | nonce(2)
|
|
9816
|
-
- Idea C: helper method such as `setSalsaState(key, nonce, sigma, data)`
|
|
9817
|
-
- Caveat: we can't re-use counter array
|
|
9818
|
-
|
|
9819
|
-
xchacha [^2] uses the subkey and remaining 8 byte nonce with ChaCha20 as normal
|
|
9820
|
-
(prefixed by 4 NUL bytes, since [RFC8439] specifies a 12-byte nonce).
|
|
9821
|
-
|
|
9822
|
-
[^1]: https://mailarchive.ietf.org/arch/msg/cfrg/gsOnTJzcbgG6OqD8Sc0GO5aR_tU/
|
|
9823
|
-
[^2]: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha#appendix-A.2
|
|
9824
|
-
|
|
9825
|
-
* @module
|
|
9826
|
-
*/
|
|
9827
|
-
const encodeStr = (str) => Uint8Array.from(str.split(""), (c) => c.charCodeAt(0));
|
|
9828
|
-
const sigma16 = encodeStr("expand 16-byte k");
|
|
9829
|
-
const sigma32 = encodeStr("expand 32-byte k");
|
|
9830
|
-
const sigma16_32 = u32$1(sigma16);
|
|
9831
|
-
const sigma32_32 = u32$1(sigma32);
|
|
9832
|
-
/** Rotate left. */
|
|
9833
|
-
function rotl(a, b) {
|
|
9834
|
-
return a << b | a >>> 32 - b;
|
|
9835
|
-
}
|
|
9836
|
-
function isAligned32(b) {
|
|
9837
|
-
return b.byteOffset % 4 === 0;
|
|
9838
|
-
}
|
|
9839
|
-
const BLOCK_LEN = 64;
|
|
9840
|
-
const BLOCK_LEN32 = 16;
|
|
9841
|
-
const MAX_COUNTER = 2 ** 32 - 1;
|
|
9842
|
-
const U32_EMPTY = Uint32Array.of();
|
|
9843
|
-
function runCipher(core, sigma, key, nonce, data, output, counter, rounds) {
|
|
9844
|
-
const len = data.length;
|
|
9845
|
-
const block = new Uint8Array(BLOCK_LEN);
|
|
9846
|
-
const b32 = u32$1(block);
|
|
9847
|
-
const isAligned = isAligned32(data) && isAligned32(output);
|
|
9848
|
-
const d32 = isAligned ? u32$1(data) : U32_EMPTY;
|
|
9849
|
-
const o32 = isAligned ? u32$1(output) : U32_EMPTY;
|
|
9850
|
-
for (let pos = 0; pos < len; counter++) {
|
|
9851
|
-
core(sigma, key, nonce, b32, counter, rounds);
|
|
9852
|
-
if (counter >= MAX_COUNTER) throw new Error("arx: counter overflow");
|
|
9853
|
-
const take = Math.min(BLOCK_LEN, len - pos);
|
|
9854
|
-
if (isAligned && take === BLOCK_LEN) {
|
|
9855
|
-
const pos32 = pos / 4;
|
|
9856
|
-
if (pos % 4 !== 0) throw new Error("arx: invalid block position");
|
|
9857
|
-
for (let j = 0, posj; j < BLOCK_LEN32; j++) {
|
|
9858
|
-
posj = pos32 + j;
|
|
9859
|
-
o32[posj] = d32[posj] ^ b32[j];
|
|
9860
|
-
}
|
|
9861
|
-
pos += BLOCK_LEN;
|
|
9862
|
-
continue;
|
|
9863
|
-
}
|
|
9864
|
-
for (let j = 0, posj; j < take; j++) {
|
|
9865
|
-
posj = pos + j;
|
|
9866
|
-
output[posj] = data[posj] ^ block[j];
|
|
9867
|
-
}
|
|
9868
|
-
pos += take;
|
|
9869
|
-
}
|
|
9870
|
-
}
|
|
9871
|
-
/** Creates ARX-like (ChaCha, Salsa) cipher stream from core function. */
|
|
9872
|
-
function createCipher(core, opts) {
|
|
9873
|
-
const { allowShortKeys, extendNonceFn, counterLength, counterRight, rounds } = checkOpts({
|
|
9874
|
-
allowShortKeys: false,
|
|
9875
|
-
counterLength: 8,
|
|
9876
|
-
counterRight: false,
|
|
9877
|
-
rounds: 20
|
|
9878
|
-
}, opts);
|
|
9879
|
-
if (typeof core !== "function") throw new Error("core must be a function");
|
|
9880
|
-
anumber$2(counterLength);
|
|
9881
|
-
anumber$2(rounds);
|
|
9882
|
-
abool$2(counterRight);
|
|
9883
|
-
abool$2(allowShortKeys);
|
|
9884
|
-
return (key, nonce, data, output, counter = 0) => {
|
|
9885
|
-
abytes$2(key, void 0, "key");
|
|
9886
|
-
abytes$2(nonce, void 0, "nonce");
|
|
9887
|
-
abytes$2(data, void 0, "data");
|
|
9888
|
-
const len = data.length;
|
|
9889
|
-
if (output === void 0) output = new Uint8Array(len);
|
|
9890
|
-
abytes$2(output, void 0, "output");
|
|
9891
|
-
anumber$2(counter);
|
|
9892
|
-
if (counter < 0 || counter >= MAX_COUNTER) throw new Error("arx: counter overflow");
|
|
9893
|
-
if (output.length < len) throw new Error(`arx: output (${output.length}) is shorter than data (${len})`);
|
|
9894
|
-
const toClean = [];
|
|
9895
|
-
let l = key.length;
|
|
9896
|
-
let k;
|
|
9897
|
-
let sigma;
|
|
9898
|
-
if (l === 32) {
|
|
9899
|
-
toClean.push(k = copyBytes$3(key));
|
|
9900
|
-
sigma = sigma32_32;
|
|
9901
|
-
} else if (l === 16 && allowShortKeys) {
|
|
9902
|
-
k = new Uint8Array(32);
|
|
9903
|
-
k.set(key);
|
|
9904
|
-
k.set(key, 16);
|
|
9905
|
-
sigma = sigma16_32;
|
|
9906
|
-
toClean.push(k);
|
|
9907
|
-
} else {
|
|
9908
|
-
abytes$2(key, 32, "arx key");
|
|
9909
|
-
throw new Error("invalid key size");
|
|
9910
|
-
}
|
|
9911
|
-
if (!isAligned32(nonce)) toClean.push(nonce = copyBytes$3(nonce));
|
|
9912
|
-
const k32 = u32$1(k);
|
|
9913
|
-
if (extendNonceFn) {
|
|
9914
|
-
if (nonce.length !== 24) throw new Error(`arx: extended nonce must be 24 bytes`);
|
|
9915
|
-
extendNonceFn(sigma, k32, u32$1(nonce.subarray(0, 16)), k32);
|
|
9916
|
-
nonce = nonce.subarray(16);
|
|
9917
|
-
}
|
|
9918
|
-
const nonceNcLen = 16 - counterLength;
|
|
9919
|
-
if (nonceNcLen !== nonce.length) throw new Error(`arx: nonce must be ${nonceNcLen} or 16 bytes`);
|
|
9920
|
-
if (nonceNcLen !== 12) {
|
|
9921
|
-
const nc = new Uint8Array(12);
|
|
9922
|
-
nc.set(nonce, counterRight ? 0 : 12 - nonce.length);
|
|
9923
|
-
nonce = nc;
|
|
9924
|
-
toClean.push(nonce);
|
|
9925
|
-
}
|
|
9926
|
-
const n32 = u32$1(nonce);
|
|
9927
|
-
runCipher(core, sigma, k32, n32, data, output, counter, rounds);
|
|
9928
|
-
clean$1(...toClean);
|
|
9929
|
-
return output;
|
|
9930
|
-
};
|
|
9931
|
-
}
|
|
9932
|
-
|
|
9933
|
-
//#endregion
|
|
9934
|
-
//#region ../../node_modules/.bun/@noble+ciphers@2.1.1/node_modules/@noble/ciphers/_poly1305.js
|
|
9935
|
-
/**
|
|
9936
|
-
* Poly1305 ([PDF](https://cr.yp.to/mac/poly1305-20050329.pdf),
|
|
9937
|
-
* [wiki](https://en.wikipedia.org/wiki/Poly1305))
|
|
9938
|
-
* is a fast and parallel secret-key message-authentication code suitable for
|
|
9939
|
-
* a wide variety of applications. It was standardized in
|
|
9940
|
-
* [RFC 8439](https://www.rfc-editor.org/rfc/rfc8439) and is now used in TLS 1.3.
|
|
9941
|
-
*
|
|
9942
|
-
* Polynomial MACs are not perfect for every situation:
|
|
9943
|
-
* they lack Random Key Robustness: the MAC can be forged, and can't be used in PAKE schemes.
|
|
9944
|
-
* See [invisible salamanders attack](https://keymaterial.net/2020/09/07/invisible-salamanders-in-aes-gcm-siv/).
|
|
9945
|
-
* To combat invisible salamanders, `hash(key)` can be included in ciphertext,
|
|
9946
|
-
* however, this would violate ciphertext indistinguishability:
|
|
9947
|
-
* an attacker would know which key was used - so `HKDF(key, i)`
|
|
9948
|
-
* could be used instead.
|
|
9949
|
-
*
|
|
9950
|
-
* Check out [original website](https://cr.yp.to/mac.html).
|
|
9951
|
-
* Based on Public Domain [poly1305-donna](https://github.com/floodyberry/poly1305-donna).
|
|
9952
|
-
* @module
|
|
9953
|
-
*/
|
|
9954
|
-
function u8to16(a, i) {
|
|
9955
|
-
return a[i++] & 255 | (a[i++] & 255) << 8;
|
|
9956
|
-
}
|
|
9957
|
-
/** Poly1305 class. Prefer poly1305() function instead. */
|
|
9958
|
-
var Poly1305 = class {
|
|
9959
|
-
blockLen = 16;
|
|
9960
|
-
outputLen = 16;
|
|
9961
|
-
buffer = new Uint8Array(16);
|
|
9962
|
-
r = new Uint16Array(10);
|
|
9963
|
-
h = new Uint16Array(10);
|
|
9964
|
-
pad = new Uint16Array(8);
|
|
9965
|
-
pos = 0;
|
|
9966
|
-
finished = false;
|
|
9967
|
-
constructor(key) {
|
|
9968
|
-
key = copyBytes$3(abytes$2(key, 32, "key"));
|
|
9969
|
-
const t0 = u8to16(key, 0);
|
|
9970
|
-
const t1 = u8to16(key, 2);
|
|
9971
|
-
const t2 = u8to16(key, 4);
|
|
9972
|
-
const t3 = u8to16(key, 6);
|
|
9973
|
-
const t4 = u8to16(key, 8);
|
|
9974
|
-
const t5 = u8to16(key, 10);
|
|
9975
|
-
const t6 = u8to16(key, 12);
|
|
9976
|
-
const t7 = u8to16(key, 14);
|
|
9977
|
-
this.r[0] = t0 & 8191;
|
|
9978
|
-
this.r[1] = (t0 >>> 13 | t1 << 3) & 8191;
|
|
9979
|
-
this.r[2] = (t1 >>> 10 | t2 << 6) & 7939;
|
|
9980
|
-
this.r[3] = (t2 >>> 7 | t3 << 9) & 8191;
|
|
9981
|
-
this.r[4] = (t3 >>> 4 | t4 << 12) & 255;
|
|
9982
|
-
this.r[5] = t4 >>> 1 & 8190;
|
|
9983
|
-
this.r[6] = (t4 >>> 14 | t5 << 2) & 8191;
|
|
9984
|
-
this.r[7] = (t5 >>> 11 | t6 << 5) & 8065;
|
|
9985
|
-
this.r[8] = (t6 >>> 8 | t7 << 8) & 8191;
|
|
9986
|
-
this.r[9] = t7 >>> 5 & 127;
|
|
9987
|
-
for (let i = 0; i < 8; i++) this.pad[i] = u8to16(key, 16 + 2 * i);
|
|
9988
|
-
}
|
|
9989
|
-
process(data, offset, isLast = false) {
|
|
9990
|
-
const hibit = isLast ? 0 : 2048;
|
|
9991
|
-
const { h, r } = this;
|
|
9992
|
-
const r0 = r[0];
|
|
9993
|
-
const r1 = r[1];
|
|
9994
|
-
const r2 = r[2];
|
|
9995
|
-
const r3 = r[3];
|
|
9996
|
-
const r4 = r[4];
|
|
9997
|
-
const r5 = r[5];
|
|
9998
|
-
const r6 = r[6];
|
|
9999
|
-
const r7 = r[7];
|
|
10000
|
-
const r8 = r[8];
|
|
10001
|
-
const r9 = r[9];
|
|
10002
|
-
const t0 = u8to16(data, offset + 0);
|
|
10003
|
-
const t1 = u8to16(data, offset + 2);
|
|
10004
|
-
const t2 = u8to16(data, offset + 4);
|
|
10005
|
-
const t3 = u8to16(data, offset + 6);
|
|
10006
|
-
const t4 = u8to16(data, offset + 8);
|
|
10007
|
-
const t5 = u8to16(data, offset + 10);
|
|
10008
|
-
const t6 = u8to16(data, offset + 12);
|
|
10009
|
-
const t7 = u8to16(data, offset + 14);
|
|
10010
|
-
let h0 = h[0] + (t0 & 8191);
|
|
10011
|
-
let h1 = h[1] + ((t0 >>> 13 | t1 << 3) & 8191);
|
|
10012
|
-
let h2 = h[2] + ((t1 >>> 10 | t2 << 6) & 8191);
|
|
10013
|
-
let h3 = h[3] + ((t2 >>> 7 | t3 << 9) & 8191);
|
|
10014
|
-
let h4 = h[4] + ((t3 >>> 4 | t4 << 12) & 8191);
|
|
10015
|
-
let h5 = h[5] + (t4 >>> 1 & 8191);
|
|
10016
|
-
let h6 = h[6] + ((t4 >>> 14 | t5 << 2) & 8191);
|
|
10017
|
-
let h7 = h[7] + ((t5 >>> 11 | t6 << 5) & 8191);
|
|
10018
|
-
let h8 = h[8] + ((t6 >>> 8 | t7 << 8) & 8191);
|
|
10019
|
-
let h9 = h[9] + (t7 >>> 5 | hibit);
|
|
10020
|
-
let c = 0;
|
|
10021
|
-
let d0 = c + h0 * r0 + h1 * (5 * r9) + h2 * (5 * r8) + h3 * (5 * r7) + h4 * (5 * r6);
|
|
10022
|
-
c = d0 >>> 13;
|
|
10023
|
-
d0 &= 8191;
|
|
10024
|
-
d0 += h5 * (5 * r5) + h6 * (5 * r4) + h7 * (5 * r3) + h8 * (5 * r2) + h9 * (5 * r1);
|
|
10025
|
-
c += d0 >>> 13;
|
|
10026
|
-
d0 &= 8191;
|
|
10027
|
-
let d1 = c + h0 * r1 + h1 * r0 + h2 * (5 * r9) + h3 * (5 * r8) + h4 * (5 * r7);
|
|
10028
|
-
c = d1 >>> 13;
|
|
10029
|
-
d1 &= 8191;
|
|
10030
|
-
d1 += h5 * (5 * r6) + h6 * (5 * r5) + h7 * (5 * r4) + h8 * (5 * r3) + h9 * (5 * r2);
|
|
10031
|
-
c += d1 >>> 13;
|
|
10032
|
-
d1 &= 8191;
|
|
10033
|
-
let d2 = c + h0 * r2 + h1 * r1 + h2 * r0 + h3 * (5 * r9) + h4 * (5 * r8);
|
|
10034
|
-
c = d2 >>> 13;
|
|
10035
|
-
d2 &= 8191;
|
|
10036
|
-
d2 += h5 * (5 * r7) + h6 * (5 * r6) + h7 * (5 * r5) + h8 * (5 * r4) + h9 * (5 * r3);
|
|
10037
|
-
c += d2 >>> 13;
|
|
10038
|
-
d2 &= 8191;
|
|
10039
|
-
let d3 = c + h0 * r3 + h1 * r2 + h2 * r1 + h3 * r0 + h4 * (5 * r9);
|
|
10040
|
-
c = d3 >>> 13;
|
|
10041
|
-
d3 &= 8191;
|
|
10042
|
-
d3 += h5 * (5 * r8) + h6 * (5 * r7) + h7 * (5 * r6) + h8 * (5 * r5) + h9 * (5 * r4);
|
|
10043
|
-
c += d3 >>> 13;
|
|
10044
|
-
d3 &= 8191;
|
|
10045
|
-
let d4 = c + h0 * r4 + h1 * r3 + h2 * r2 + h3 * r1 + h4 * r0;
|
|
10046
|
-
c = d4 >>> 13;
|
|
10047
|
-
d4 &= 8191;
|
|
10048
|
-
d4 += h5 * (5 * r9) + h6 * (5 * r8) + h7 * (5 * r7) + h8 * (5 * r6) + h9 * (5 * r5);
|
|
10049
|
-
c += d4 >>> 13;
|
|
10050
|
-
d4 &= 8191;
|
|
10051
|
-
let d5 = c + h0 * r5 + h1 * r4 + h2 * r3 + h3 * r2 + h4 * r1;
|
|
10052
|
-
c = d5 >>> 13;
|
|
10053
|
-
d5 &= 8191;
|
|
10054
|
-
d5 += h5 * r0 + h6 * (5 * r9) + h7 * (5 * r8) + h8 * (5 * r7) + h9 * (5 * r6);
|
|
10055
|
-
c += d5 >>> 13;
|
|
10056
|
-
d5 &= 8191;
|
|
10057
|
-
let d6 = c + h0 * r6 + h1 * r5 + h2 * r4 + h3 * r3 + h4 * r2;
|
|
10058
|
-
c = d6 >>> 13;
|
|
10059
|
-
d6 &= 8191;
|
|
10060
|
-
d6 += h5 * r1 + h6 * r0 + h7 * (5 * r9) + h8 * (5 * r8) + h9 * (5 * r7);
|
|
10061
|
-
c += d6 >>> 13;
|
|
10062
|
-
d6 &= 8191;
|
|
10063
|
-
let d7 = c + h0 * r7 + h1 * r6 + h2 * r5 + h3 * r4 + h4 * r3;
|
|
10064
|
-
c = d7 >>> 13;
|
|
10065
|
-
d7 &= 8191;
|
|
10066
|
-
d7 += h5 * r2 + h6 * r1 + h7 * r0 + h8 * (5 * r9) + h9 * (5 * r8);
|
|
10067
|
-
c += d7 >>> 13;
|
|
10068
|
-
d7 &= 8191;
|
|
10069
|
-
let d8 = c + h0 * r8 + h1 * r7 + h2 * r6 + h3 * r5 + h4 * r4;
|
|
10070
|
-
c = d8 >>> 13;
|
|
10071
|
-
d8 &= 8191;
|
|
10072
|
-
d8 += h5 * r3 + h6 * r2 + h7 * r1 + h8 * r0 + h9 * (5 * r9);
|
|
10073
|
-
c += d8 >>> 13;
|
|
10074
|
-
d8 &= 8191;
|
|
10075
|
-
let d9 = c + h0 * r9 + h1 * r8 + h2 * r7 + h3 * r6 + h4 * r5;
|
|
10076
|
-
c = d9 >>> 13;
|
|
10077
|
-
d9 &= 8191;
|
|
10078
|
-
d9 += h5 * r4 + h6 * r3 + h7 * r2 + h8 * r1 + h9 * r0;
|
|
10079
|
-
c += d9 >>> 13;
|
|
10080
|
-
d9 &= 8191;
|
|
10081
|
-
c = (c << 2) + c | 0;
|
|
10082
|
-
c = c + d0 | 0;
|
|
10083
|
-
d0 = c & 8191;
|
|
10084
|
-
c = c >>> 13;
|
|
10085
|
-
d1 += c;
|
|
10086
|
-
h[0] = d0;
|
|
10087
|
-
h[1] = d1;
|
|
10088
|
-
h[2] = d2;
|
|
10089
|
-
h[3] = d3;
|
|
10090
|
-
h[4] = d4;
|
|
10091
|
-
h[5] = d5;
|
|
10092
|
-
h[6] = d6;
|
|
10093
|
-
h[7] = d7;
|
|
10094
|
-
h[8] = d8;
|
|
10095
|
-
h[9] = d9;
|
|
10096
|
-
}
|
|
10097
|
-
finalize() {
|
|
10098
|
-
const { h, pad } = this;
|
|
10099
|
-
const g = new Uint16Array(10);
|
|
10100
|
-
let c = h[1] >>> 13;
|
|
10101
|
-
h[1] &= 8191;
|
|
10102
|
-
for (let i = 2; i < 10; i++) {
|
|
10103
|
-
h[i] += c;
|
|
10104
|
-
c = h[i] >>> 13;
|
|
10105
|
-
h[i] &= 8191;
|
|
10106
|
-
}
|
|
10107
|
-
h[0] += c * 5;
|
|
10108
|
-
c = h[0] >>> 13;
|
|
10109
|
-
h[0] &= 8191;
|
|
10110
|
-
h[1] += c;
|
|
10111
|
-
c = h[1] >>> 13;
|
|
10112
|
-
h[1] &= 8191;
|
|
10113
|
-
h[2] += c;
|
|
10114
|
-
g[0] = h[0] + 5;
|
|
10115
|
-
c = g[0] >>> 13;
|
|
10116
|
-
g[0] &= 8191;
|
|
10117
|
-
for (let i = 1; i < 10; i++) {
|
|
10118
|
-
g[i] = h[i] + c;
|
|
10119
|
-
c = g[i] >>> 13;
|
|
10120
|
-
g[i] &= 8191;
|
|
10121
|
-
}
|
|
10122
|
-
g[9] -= 8192;
|
|
10123
|
-
let mask = (c ^ 1) - 1;
|
|
10124
|
-
for (let i = 0; i < 10; i++) g[i] &= mask;
|
|
10125
|
-
mask = ~mask;
|
|
10126
|
-
for (let i = 0; i < 10; i++) h[i] = h[i] & mask | g[i];
|
|
10127
|
-
h[0] = (h[0] | h[1] << 13) & 65535;
|
|
10128
|
-
h[1] = (h[1] >>> 3 | h[2] << 10) & 65535;
|
|
10129
|
-
h[2] = (h[2] >>> 6 | h[3] << 7) & 65535;
|
|
10130
|
-
h[3] = (h[3] >>> 9 | h[4] << 4) & 65535;
|
|
10131
|
-
h[4] = (h[4] >>> 12 | h[5] << 1 | h[6] << 14) & 65535;
|
|
10132
|
-
h[5] = (h[6] >>> 2 | h[7] << 11) & 65535;
|
|
10133
|
-
h[6] = (h[7] >>> 5 | h[8] << 8) & 65535;
|
|
10134
|
-
h[7] = (h[8] >>> 8 | h[9] << 5) & 65535;
|
|
10135
|
-
let f = h[0] + pad[0];
|
|
10136
|
-
h[0] = f & 65535;
|
|
10137
|
-
for (let i = 1; i < 8; i++) {
|
|
10138
|
-
f = (h[i] + pad[i] | 0) + (f >>> 16) | 0;
|
|
10139
|
-
h[i] = f & 65535;
|
|
10140
|
-
}
|
|
10141
|
-
clean$1(g);
|
|
10142
|
-
}
|
|
10143
|
-
update(data) {
|
|
10144
|
-
aexists$1(this);
|
|
10145
|
-
abytes$2(data);
|
|
10146
|
-
data = copyBytes$3(data);
|
|
10147
|
-
const { buffer, blockLen } = this;
|
|
10148
|
-
const len = data.length;
|
|
10149
|
-
for (let pos = 0; pos < len;) {
|
|
10150
|
-
const take = Math.min(blockLen - this.pos, len - pos);
|
|
10151
|
-
if (take === blockLen) {
|
|
10152
|
-
for (; blockLen <= len - pos; pos += blockLen) this.process(data, pos);
|
|
10153
|
-
continue;
|
|
10154
|
-
}
|
|
10155
|
-
buffer.set(data.subarray(pos, pos + take), this.pos);
|
|
10156
|
-
this.pos += take;
|
|
10157
|
-
pos += take;
|
|
10158
|
-
if (this.pos === blockLen) {
|
|
10159
|
-
this.process(buffer, 0, false);
|
|
10160
|
-
this.pos = 0;
|
|
10161
|
-
}
|
|
10162
|
-
}
|
|
10163
|
-
return this;
|
|
10164
|
-
}
|
|
10165
|
-
destroy() {
|
|
10166
|
-
clean$1(this.h, this.r, this.buffer, this.pad);
|
|
10167
|
-
}
|
|
10168
|
-
digestInto(out) {
|
|
10169
|
-
aexists$1(this);
|
|
10170
|
-
aoutput$1(out, this);
|
|
10171
|
-
this.finished = true;
|
|
10172
|
-
const { buffer, h } = this;
|
|
10173
|
-
let { pos } = this;
|
|
10174
|
-
if (pos) {
|
|
10175
|
-
buffer[pos++] = 1;
|
|
10176
|
-
for (; pos < 16; pos++) buffer[pos] = 0;
|
|
10177
|
-
this.process(buffer, 0, true);
|
|
10178
|
-
}
|
|
10179
|
-
this.finalize();
|
|
10180
|
-
let opos = 0;
|
|
10181
|
-
for (let i = 0; i < 8; i++) {
|
|
10182
|
-
out[opos++] = h[i] >>> 0;
|
|
10183
|
-
out[opos++] = h[i] >>> 8;
|
|
10184
|
-
}
|
|
10185
|
-
return out;
|
|
10186
|
-
}
|
|
10187
|
-
digest() {
|
|
10188
|
-
const { buffer, outputLen } = this;
|
|
10189
|
-
this.digestInto(buffer);
|
|
10190
|
-
const res = buffer.slice(0, outputLen);
|
|
10191
|
-
this.destroy();
|
|
10192
|
-
return res;
|
|
10193
|
-
}
|
|
10194
|
-
};
|
|
10195
|
-
function wrapConstructorWithKey(hashCons) {
|
|
10196
|
-
const hashC = (msg, key) => hashCons(key).update(msg).digest();
|
|
10197
|
-
const tmp = hashCons(new Uint8Array(32));
|
|
10198
|
-
hashC.outputLen = tmp.outputLen;
|
|
10199
|
-
hashC.blockLen = tmp.blockLen;
|
|
10200
|
-
hashC.create = (key) => hashCons(key);
|
|
10201
|
-
return hashC;
|
|
10202
|
-
}
|
|
10203
|
-
/** Poly1305 MAC from RFC 8439. */
|
|
10204
|
-
const poly1305 = (() => wrapConstructorWithKey((key) => new Poly1305(key)))();
|
|
10205
|
-
|
|
10206
|
-
//#endregion
|
|
10207
|
-
//#region ../../node_modules/.bun/@noble+ciphers@2.1.1/node_modules/@noble/ciphers/chacha.js
|
|
10208
|
-
/**
|
|
10209
|
-
* ChaCha stream cipher, released
|
|
10210
|
-
* in 2008. Developed after Salsa20, ChaCha aims to increase diffusion per round.
|
|
10211
|
-
* It was standardized in [RFC 8439](https://www.rfc-editor.org/rfc/rfc8439) and
|
|
10212
|
-
* is now used in TLS 1.3.
|
|
10213
|
-
*
|
|
10214
|
-
* [XChaCha20](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha)
|
|
10215
|
-
* extended-nonce variant is also provided. Similar to XSalsa, it's safe to use with
|
|
10216
|
-
* randomly-generated nonces.
|
|
10217
|
-
*
|
|
10218
|
-
* Check out [PDF](http://cr.yp.to/chacha/chacha-20080128.pdf) and
|
|
10219
|
-
* [wiki](https://en.wikipedia.org/wiki/Salsa20) and
|
|
10220
|
-
* [website](https://cr.yp.to/chacha.html).
|
|
10221
|
-
*
|
|
10222
|
-
* @module
|
|
10223
|
-
*/
|
|
10224
|
-
/** Identical to `chachaCore_small`. Unused. */
|
|
10225
|
-
function chachaCore(s, k, n, out, cnt, rounds = 20) {
|
|
10226
|
-
let y00 = s[0], y01 = s[1], y02 = s[2], y03 = s[3], y04 = k[0], y05 = k[1], y06 = k[2], y07 = k[3], y08 = k[4], y09 = k[5], y10 = k[6], y11 = k[7], y12 = cnt, y13 = n[0], y14 = n[1], y15 = n[2];
|
|
10227
|
-
let x00 = y00, x01 = y01, x02 = y02, x03 = y03, x04 = y04, x05 = y05, x06 = y06, x07 = y07, x08 = y08, x09 = y09, x10 = y10, x11 = y11, x12 = y12, x13 = y13, x14 = y14, x15 = y15;
|
|
10228
|
-
for (let r = 0; r < rounds; r += 2) {
|
|
10229
|
-
x00 = x00 + x04 | 0;
|
|
10230
|
-
x12 = rotl(x12 ^ x00, 16);
|
|
10231
|
-
x08 = x08 + x12 | 0;
|
|
10232
|
-
x04 = rotl(x04 ^ x08, 12);
|
|
10233
|
-
x00 = x00 + x04 | 0;
|
|
10234
|
-
x12 = rotl(x12 ^ x00, 8);
|
|
10235
|
-
x08 = x08 + x12 | 0;
|
|
10236
|
-
x04 = rotl(x04 ^ x08, 7);
|
|
10237
|
-
x01 = x01 + x05 | 0;
|
|
10238
|
-
x13 = rotl(x13 ^ x01, 16);
|
|
10239
|
-
x09 = x09 + x13 | 0;
|
|
10240
|
-
x05 = rotl(x05 ^ x09, 12);
|
|
10241
|
-
x01 = x01 + x05 | 0;
|
|
10242
|
-
x13 = rotl(x13 ^ x01, 8);
|
|
10243
|
-
x09 = x09 + x13 | 0;
|
|
10244
|
-
x05 = rotl(x05 ^ x09, 7);
|
|
10245
|
-
x02 = x02 + x06 | 0;
|
|
10246
|
-
x14 = rotl(x14 ^ x02, 16);
|
|
10247
|
-
x10 = x10 + x14 | 0;
|
|
10248
|
-
x06 = rotl(x06 ^ x10, 12);
|
|
10249
|
-
x02 = x02 + x06 | 0;
|
|
10250
|
-
x14 = rotl(x14 ^ x02, 8);
|
|
10251
|
-
x10 = x10 + x14 | 0;
|
|
10252
|
-
x06 = rotl(x06 ^ x10, 7);
|
|
10253
|
-
x03 = x03 + x07 | 0;
|
|
10254
|
-
x15 = rotl(x15 ^ x03, 16);
|
|
10255
|
-
x11 = x11 + x15 | 0;
|
|
10256
|
-
x07 = rotl(x07 ^ x11, 12);
|
|
10257
|
-
x03 = x03 + x07 | 0;
|
|
10258
|
-
x15 = rotl(x15 ^ x03, 8);
|
|
10259
|
-
x11 = x11 + x15 | 0;
|
|
10260
|
-
x07 = rotl(x07 ^ x11, 7);
|
|
10261
|
-
x00 = x00 + x05 | 0;
|
|
10262
|
-
x15 = rotl(x15 ^ x00, 16);
|
|
10263
|
-
x10 = x10 + x15 | 0;
|
|
10264
|
-
x05 = rotl(x05 ^ x10, 12);
|
|
10265
|
-
x00 = x00 + x05 | 0;
|
|
10266
|
-
x15 = rotl(x15 ^ x00, 8);
|
|
10267
|
-
x10 = x10 + x15 | 0;
|
|
10268
|
-
x05 = rotl(x05 ^ x10, 7);
|
|
10269
|
-
x01 = x01 + x06 | 0;
|
|
10270
|
-
x12 = rotl(x12 ^ x01, 16);
|
|
10271
|
-
x11 = x11 + x12 | 0;
|
|
10272
|
-
x06 = rotl(x06 ^ x11, 12);
|
|
10273
|
-
x01 = x01 + x06 | 0;
|
|
10274
|
-
x12 = rotl(x12 ^ x01, 8);
|
|
10275
|
-
x11 = x11 + x12 | 0;
|
|
10276
|
-
x06 = rotl(x06 ^ x11, 7);
|
|
10277
|
-
x02 = x02 + x07 | 0;
|
|
10278
|
-
x13 = rotl(x13 ^ x02, 16);
|
|
10279
|
-
x08 = x08 + x13 | 0;
|
|
10280
|
-
x07 = rotl(x07 ^ x08, 12);
|
|
10281
|
-
x02 = x02 + x07 | 0;
|
|
10282
|
-
x13 = rotl(x13 ^ x02, 8);
|
|
10283
|
-
x08 = x08 + x13 | 0;
|
|
10284
|
-
x07 = rotl(x07 ^ x08, 7);
|
|
10285
|
-
x03 = x03 + x04 | 0;
|
|
10286
|
-
x14 = rotl(x14 ^ x03, 16);
|
|
10287
|
-
x09 = x09 + x14 | 0;
|
|
10288
|
-
x04 = rotl(x04 ^ x09, 12);
|
|
10289
|
-
x03 = x03 + x04 | 0;
|
|
10290
|
-
x14 = rotl(x14 ^ x03, 8);
|
|
10291
|
-
x09 = x09 + x14 | 0;
|
|
10292
|
-
x04 = rotl(x04 ^ x09, 7);
|
|
10293
|
-
}
|
|
10294
|
-
let oi = 0;
|
|
10295
|
-
out[oi++] = y00 + x00 | 0;
|
|
10296
|
-
out[oi++] = y01 + x01 | 0;
|
|
10297
|
-
out[oi++] = y02 + x02 | 0;
|
|
10298
|
-
out[oi++] = y03 + x03 | 0;
|
|
10299
|
-
out[oi++] = y04 + x04 | 0;
|
|
10300
|
-
out[oi++] = y05 + x05 | 0;
|
|
10301
|
-
out[oi++] = y06 + x06 | 0;
|
|
10302
|
-
out[oi++] = y07 + x07 | 0;
|
|
10303
|
-
out[oi++] = y08 + x08 | 0;
|
|
10304
|
-
out[oi++] = y09 + x09 | 0;
|
|
10305
|
-
out[oi++] = y10 + x10 | 0;
|
|
10306
|
-
out[oi++] = y11 + x11 | 0;
|
|
10307
|
-
out[oi++] = y12 + x12 | 0;
|
|
10308
|
-
out[oi++] = y13 + x13 | 0;
|
|
10309
|
-
out[oi++] = y14 + x14 | 0;
|
|
10310
|
-
out[oi++] = y15 + x15 | 0;
|
|
10311
|
-
}
|
|
10312
|
-
/**
|
|
10313
|
-
* hchacha hashes key and nonce into key' and nonce' for xchacha20.
|
|
10314
|
-
* Identical to `hchacha_small`.
|
|
10315
|
-
* Need to find a way to merge it with `chachaCore` without 25% performance hit.
|
|
10316
|
-
*/
|
|
10317
|
-
function hchacha(s, k, i, out) {
|
|
10318
|
-
let x00 = s[0], x01 = s[1], x02 = s[2], x03 = s[3], x04 = k[0], x05 = k[1], x06 = k[2], x07 = k[3], x08 = k[4], x09 = k[5], x10 = k[6], x11 = k[7], x12 = i[0], x13 = i[1], x14 = i[2], x15 = i[3];
|
|
10319
|
-
for (let r = 0; r < 20; r += 2) {
|
|
10320
|
-
x00 = x00 + x04 | 0;
|
|
10321
|
-
x12 = rotl(x12 ^ x00, 16);
|
|
10322
|
-
x08 = x08 + x12 | 0;
|
|
10323
|
-
x04 = rotl(x04 ^ x08, 12);
|
|
10324
|
-
x00 = x00 + x04 | 0;
|
|
10325
|
-
x12 = rotl(x12 ^ x00, 8);
|
|
10326
|
-
x08 = x08 + x12 | 0;
|
|
10327
|
-
x04 = rotl(x04 ^ x08, 7);
|
|
10328
|
-
x01 = x01 + x05 | 0;
|
|
10329
|
-
x13 = rotl(x13 ^ x01, 16);
|
|
10330
|
-
x09 = x09 + x13 | 0;
|
|
10331
|
-
x05 = rotl(x05 ^ x09, 12);
|
|
10332
|
-
x01 = x01 + x05 | 0;
|
|
10333
|
-
x13 = rotl(x13 ^ x01, 8);
|
|
10334
|
-
x09 = x09 + x13 | 0;
|
|
10335
|
-
x05 = rotl(x05 ^ x09, 7);
|
|
10336
|
-
x02 = x02 + x06 | 0;
|
|
10337
|
-
x14 = rotl(x14 ^ x02, 16);
|
|
10338
|
-
x10 = x10 + x14 | 0;
|
|
10339
|
-
x06 = rotl(x06 ^ x10, 12);
|
|
10340
|
-
x02 = x02 + x06 | 0;
|
|
10341
|
-
x14 = rotl(x14 ^ x02, 8);
|
|
10342
|
-
x10 = x10 + x14 | 0;
|
|
10343
|
-
x06 = rotl(x06 ^ x10, 7);
|
|
10344
|
-
x03 = x03 + x07 | 0;
|
|
10345
|
-
x15 = rotl(x15 ^ x03, 16);
|
|
10346
|
-
x11 = x11 + x15 | 0;
|
|
10347
|
-
x07 = rotl(x07 ^ x11, 12);
|
|
10348
|
-
x03 = x03 + x07 | 0;
|
|
10349
|
-
x15 = rotl(x15 ^ x03, 8);
|
|
10350
|
-
x11 = x11 + x15 | 0;
|
|
10351
|
-
x07 = rotl(x07 ^ x11, 7);
|
|
10352
|
-
x00 = x00 + x05 | 0;
|
|
10353
|
-
x15 = rotl(x15 ^ x00, 16);
|
|
10354
|
-
x10 = x10 + x15 | 0;
|
|
10355
|
-
x05 = rotl(x05 ^ x10, 12);
|
|
10356
|
-
x00 = x00 + x05 | 0;
|
|
10357
|
-
x15 = rotl(x15 ^ x00, 8);
|
|
10358
|
-
x10 = x10 + x15 | 0;
|
|
10359
|
-
x05 = rotl(x05 ^ x10, 7);
|
|
10360
|
-
x01 = x01 + x06 | 0;
|
|
10361
|
-
x12 = rotl(x12 ^ x01, 16);
|
|
10362
|
-
x11 = x11 + x12 | 0;
|
|
10363
|
-
x06 = rotl(x06 ^ x11, 12);
|
|
10364
|
-
x01 = x01 + x06 | 0;
|
|
10365
|
-
x12 = rotl(x12 ^ x01, 8);
|
|
10366
|
-
x11 = x11 + x12 | 0;
|
|
10367
|
-
x06 = rotl(x06 ^ x11, 7);
|
|
10368
|
-
x02 = x02 + x07 | 0;
|
|
10369
|
-
x13 = rotl(x13 ^ x02, 16);
|
|
10370
|
-
x08 = x08 + x13 | 0;
|
|
10371
|
-
x07 = rotl(x07 ^ x08, 12);
|
|
10372
|
-
x02 = x02 + x07 | 0;
|
|
10373
|
-
x13 = rotl(x13 ^ x02, 8);
|
|
10374
|
-
x08 = x08 + x13 | 0;
|
|
10375
|
-
x07 = rotl(x07 ^ x08, 7);
|
|
10376
|
-
x03 = x03 + x04 | 0;
|
|
10377
|
-
x14 = rotl(x14 ^ x03, 16);
|
|
10378
|
-
x09 = x09 + x14 | 0;
|
|
10379
|
-
x04 = rotl(x04 ^ x09, 12);
|
|
10380
|
-
x03 = x03 + x04 | 0;
|
|
10381
|
-
x14 = rotl(x14 ^ x03, 8);
|
|
10382
|
-
x09 = x09 + x14 | 0;
|
|
10383
|
-
x04 = rotl(x04 ^ x09, 7);
|
|
10384
|
-
}
|
|
10385
|
-
let oi = 0;
|
|
10386
|
-
out[oi++] = x00;
|
|
10387
|
-
out[oi++] = x01;
|
|
10388
|
-
out[oi++] = x02;
|
|
10389
|
-
out[oi++] = x03;
|
|
10390
|
-
out[oi++] = x12;
|
|
10391
|
-
out[oi++] = x13;
|
|
10392
|
-
out[oi++] = x14;
|
|
10393
|
-
out[oi++] = x15;
|
|
10394
|
-
}
|
|
10395
|
-
/**
|
|
10396
|
-
* ChaCha stream cipher. Conforms to RFC 8439 (IETF, TLS). 12-byte nonce, 4-byte counter.
|
|
10397
|
-
* With smaller nonce, it's not safe to make it random (CSPRNG), due to collision chance.
|
|
10398
|
-
*/
|
|
10399
|
-
const chacha20 = /* @__PURE__ */ createCipher(chachaCore, {
|
|
10400
|
-
counterRight: false,
|
|
10401
|
-
counterLength: 4,
|
|
10402
|
-
allowShortKeys: false
|
|
10403
|
-
});
|
|
10404
|
-
/**
|
|
10405
|
-
* XChaCha eXtended-nonce ChaCha. With 24-byte nonce, it's safe to make it random (CSPRNG).
|
|
10406
|
-
* See [IRTF draft](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha).
|
|
10407
|
-
*/
|
|
10408
|
-
const xchacha20 = /* @__PURE__ */ createCipher(chachaCore, {
|
|
10409
|
-
counterRight: false,
|
|
10410
|
-
counterLength: 8,
|
|
10411
|
-
extendNonceFn: hchacha,
|
|
10412
|
-
allowShortKeys: false
|
|
10413
|
-
});
|
|
10414
|
-
const ZEROS16 = /* @__PURE__ */ new Uint8Array(16);
|
|
10415
|
-
const updatePadded = (h, msg) => {
|
|
10416
|
-
h.update(msg);
|
|
10417
|
-
const leftover = msg.length % 16;
|
|
10418
|
-
if (leftover) h.update(ZEROS16.subarray(leftover));
|
|
10419
|
-
};
|
|
10420
|
-
const ZEROS32 = /* @__PURE__ */ new Uint8Array(32);
|
|
10421
|
-
function computeTag(fn, key, nonce, ciphertext, AAD) {
|
|
10422
|
-
if (AAD !== void 0) abytes$2(AAD, void 0, "AAD");
|
|
10423
|
-
const authKey = fn(key, nonce, ZEROS32);
|
|
10424
|
-
const lengths = u64Lengths(ciphertext.length, AAD ? AAD.length : 0, true);
|
|
10425
|
-
const h = poly1305.create(authKey);
|
|
10426
|
-
if (AAD) updatePadded(h, AAD);
|
|
10427
|
-
updatePadded(h, ciphertext);
|
|
10428
|
-
h.update(lengths);
|
|
10429
|
-
const res = h.digest();
|
|
10430
|
-
clean$1(authKey, lengths);
|
|
10431
|
-
return res;
|
|
10432
|
-
}
|
|
10433
|
-
/**
|
|
10434
|
-
* AEAD algorithm from RFC 8439.
|
|
10435
|
-
* Salsa20 and chacha (RFC 8439) use poly1305 differently.
|
|
10436
|
-
* We could have composed them, but it's hard because of authKey:
|
|
10437
|
-
* In salsa20, authKey changes position in salsa stream.
|
|
10438
|
-
* In chacha, authKey can't be computed inside computeTag, it modifies the counter.
|
|
10439
|
-
*/
|
|
10440
|
-
const _poly1305_aead = (xorStream) => (key, nonce, AAD) => {
|
|
10441
|
-
const tagLength = 16;
|
|
10442
|
-
return {
|
|
10443
|
-
encrypt(plaintext, output) {
|
|
10444
|
-
const plength = plaintext.length;
|
|
10445
|
-
output = getOutput(plength + tagLength, output, false);
|
|
10446
|
-
output.set(plaintext);
|
|
10447
|
-
const oPlain = output.subarray(0, -16);
|
|
10448
|
-
xorStream(key, nonce, oPlain, oPlain, 1);
|
|
10449
|
-
const tag = computeTag(xorStream, key, nonce, oPlain, AAD);
|
|
10450
|
-
output.set(tag, plength);
|
|
10451
|
-
clean$1(tag);
|
|
10452
|
-
return output;
|
|
10453
|
-
},
|
|
10454
|
-
decrypt(ciphertext, output) {
|
|
10455
|
-
output = getOutput(ciphertext.length - tagLength, output, false);
|
|
10456
|
-
const data = ciphertext.subarray(0, -16);
|
|
10457
|
-
const passedTag = ciphertext.subarray(-16);
|
|
10458
|
-
const tag = computeTag(xorStream, key, nonce, data, AAD);
|
|
10459
|
-
if (!equalBytes$2(passedTag, tag)) throw new Error("invalid tag");
|
|
10460
|
-
output.set(ciphertext.subarray(0, -16));
|
|
10461
|
-
xorStream(key, nonce, output, output, 1);
|
|
10462
|
-
clean$1(tag);
|
|
10463
|
-
return output;
|
|
10464
|
-
}
|
|
10465
|
-
};
|
|
10466
|
-
};
|
|
10467
|
-
/**
|
|
10468
|
-
* ChaCha20-Poly1305 from RFC 8439.
|
|
10469
|
-
*
|
|
10470
|
-
* Unsafe to use random nonces under the same key, due to collision chance.
|
|
10471
|
-
* Prefer XChaCha instead.
|
|
10472
|
-
*/
|
|
10473
|
-
const chacha20poly1305 = /* @__PURE__ */ wrapCipher({
|
|
10474
|
-
blockSize: 64,
|
|
10475
|
-
nonceLength: 12,
|
|
10476
|
-
tagLength: 16
|
|
10477
|
-
}, _poly1305_aead(chacha20));
|
|
10478
|
-
/**
|
|
10479
|
-
* XChaCha20-Poly1305 extended-nonce chacha.
|
|
10480
|
-
*
|
|
10481
|
-
* Can be safely used with random nonces (CSPRNG).
|
|
10482
|
-
* See [IRTF draft](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha).
|
|
10483
|
-
*/
|
|
10484
|
-
const xchacha20poly1305 = /* @__PURE__ */ wrapCipher({
|
|
10485
|
-
blockSize: 64,
|
|
10486
|
-
nonceLength: 24,
|
|
10487
|
-
tagLength: 16
|
|
10488
|
-
}, _poly1305_aead(xchacha20));
|
|
10489
|
-
|
|
10490
9704
|
//#endregion
|
|
10491
9705
|
//#region ../../node_modules/.bun/@noble+hashes@2.0.1/node_modules/@noble/hashes/utils.js
|
|
10492
9706
|
/**
|
|
@@ -14461,7 +13675,7 @@ const MLKEM768P256 = ml_kem768_p256;
|
|
|
14461
13675
|
* abytes(new Uint8Array(1));
|
|
14462
13676
|
* ```
|
|
14463
13677
|
*/
|
|
14464
|
-
const abytes = (value, length, title) => abytes$
|
|
13678
|
+
const abytes = (value, length, title) => abytes$3(value, length, title);
|
|
14465
13679
|
/**
|
|
14466
13680
|
* Validates that a value is a non-negative safe integer.
|
|
14467
13681
|
* @param n - Value to validate.
|
|
@@ -14473,7 +13687,7 @@ const abytes = (value, length, title) => abytes$4(value, length, title);
|
|
|
14473
13687
|
* anumber(1);
|
|
14474
13688
|
* ```
|
|
14475
13689
|
*/
|
|
14476
|
-
const anumber = anumber$
|
|
13690
|
+
const anumber = anumber$3;
|
|
14477
13691
|
/**
|
|
14478
13692
|
* Encodes bytes as lowercase hex.
|
|
14479
13693
|
* @param bytes - Bytes to encode.
|
|
@@ -14521,7 +13735,7 @@ const hexToBytes = (hex) => hexToBytes$2(hex);
|
|
|
14521
13735
|
* isBytes(new Uint8Array(1));
|
|
14522
13736
|
* ```
|
|
14523
13737
|
*/
|
|
14524
|
-
const isBytes = isBytes$
|
|
13738
|
+
const isBytes = isBytes$3;
|
|
14525
13739
|
/**
|
|
14526
13740
|
* Reads random bytes from the platform CSPRNG.
|
|
14527
13741
|
* @param bytesLength - Number of random bytes to read.
|
|
@@ -14661,7 +13875,7 @@ function bytesToNumberBE(bytes) {
|
|
|
14661
13875
|
* ```
|
|
14662
13876
|
*/
|
|
14663
13877
|
function bytesToNumberLE(bytes) {
|
|
14664
|
-
return hexToNumber(bytesToHex$2(copyBytes(abytes$
|
|
13878
|
+
return hexToNumber(bytesToHex$2(copyBytes(abytes$3(bytes)).reverse()));
|
|
14665
13879
|
}
|
|
14666
13880
|
/**
|
|
14667
13881
|
* Encodes a bigint into fixed-length big-endian bytes.
|
|
@@ -14677,7 +13891,7 @@ function bytesToNumberLE(bytes) {
|
|
|
14677
13891
|
* ```
|
|
14678
13892
|
*/
|
|
14679
13893
|
function numberToBytesBE(n, len) {
|
|
14680
|
-
anumber$
|
|
13894
|
+
anumber$3(len);
|
|
14681
13895
|
if (len === 0) throw new RangeError("zero length");
|
|
14682
13896
|
n = abignumber(n);
|
|
14683
13897
|
const hex = n.toString(16);
|
|
@@ -14849,8 +14063,8 @@ const bitMask = (n) => (_1n$6 << BigInt(n)) - _1n$6;
|
|
|
14849
14063
|
* ```
|
|
14850
14064
|
*/
|
|
14851
14065
|
function createHmacDrbg(hashLen, qByteLen, hmacFn) {
|
|
14852
|
-
anumber$
|
|
14853
|
-
anumber$
|
|
14066
|
+
anumber$3(hashLen, "hashLen");
|
|
14067
|
+
anumber$3(qByteLen, "qByteLen");
|
|
14854
14068
|
if (typeof hmacFn !== "function") throw new TypeError("hmacFn must be a function");
|
|
14855
14069
|
const u8n = (len) => new Uint8Array(len);
|
|
14856
14070
|
const NULL = Uint8Array.of();
|
|
@@ -17705,7 +16919,7 @@ var _RistrettoPoint = class _RistrettoPoint extends PrimeEdwardsPoint {
|
|
|
17705
16919
|
return new _RistrettoPoint(ep);
|
|
17706
16920
|
}
|
|
17707
16921
|
static fromBytes(bytes) {
|
|
17708
|
-
abytes$
|
|
16922
|
+
abytes$3(bytes, 32);
|
|
17709
16923
|
const { a, d } = ed25519_CURVE;
|
|
17710
16924
|
const P = ed25519_CURVE_p;
|
|
17711
16925
|
const mod = (n) => Fp.create(n);
|
|
@@ -17829,7 +17043,7 @@ const ristretto255_hasher = Object.freeze({
|
|
|
17829
17043
|
* `hash_to_ristretto255` function defined in RFC 9380.
|
|
17830
17044
|
*/
|
|
17831
17045
|
deriveToCurve(bytes) {
|
|
17832
|
-
abytes$
|
|
17046
|
+
abytes$3(bytes, 64);
|
|
17833
17047
|
const R1 = calcElligatorRistrettoMap(bytes255ToNumberLE(bytes.subarray(0, 32)));
|
|
17834
17048
|
const R2 = calcElligatorRistrettoMap(bytes255ToNumberLE(bytes.subarray(32, 64)));
|
|
17835
17049
|
return new _RistrettoPoint(R1.add(R2));
|