@byline/admin 0.10.0 → 0.10.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/modules/auth/password.d.ts.map +1 -1
- package/dist/modules/auth/password.js +51 -10
- package/dist/modules/auth/password.js.map +1 -1
- package/dist/modules/auth/phc.d.ts +45 -0
- package/dist/modules/auth/phc.d.ts.map +1 -0
- package/dist/modules/auth/phc.js +88 -0
- package/dist/modules/auth/phc.js.map +1 -0
- package/dist/vendor/noble-argon2/_blake.d.ts +21 -0
- package/dist/vendor/noble-argon2/_blake.d.ts.map +1 -0
- package/dist/vendor/noble-argon2/_blake.js +53 -0
- package/dist/vendor/noble-argon2/_blake.js.map +1 -0
- package/dist/vendor/noble-argon2/_md.d.ts +99 -0
- package/dist/vendor/noble-argon2/_md.d.ts.map +1 -0
- package/dist/vendor/noble-argon2/_md.js +203 -0
- package/dist/vendor/noble-argon2/_md.js.map +1 -0
- package/dist/vendor/noble-argon2/_u64.d.ts +63 -0
- package/dist/vendor/noble-argon2/_u64.d.ts.map +1 -0
- package/dist/vendor/noble-argon2/_u64.js +84 -0
- package/dist/vendor/noble-argon2/_u64.js.map +1 -0
- package/dist/vendor/noble-argon2/argon2.d.ts +112 -0
- package/dist/vendor/noble-argon2/argon2.d.ts.map +1 -0
- package/dist/vendor/noble-argon2/argon2.js +518 -0
- package/dist/vendor/noble-argon2/argon2.js.map +1 -0
- package/dist/vendor/noble-argon2/blake2.d.ts +184 -0
- package/dist/vendor/noble-argon2/blake2.d.ts.map +1 -0
- package/dist/vendor/noble-argon2/blake2.js +502 -0
- package/dist/vendor/noble-argon2/blake2.js.map +1 -0
- package/dist/vendor/noble-argon2/utils.d.ts +519 -0
- package/dist/vendor/noble-argon2/utils.d.ts.map +1 -0
- package/dist/vendor/noble-argon2/utils.js +578 -0
- package/dist/vendor/noble-argon2/utils.js.map +1 -0
- package/package.json +4 -5
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"password.d.ts","sourceRoot":"","sources":["../../../src/modules/auth/password.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;
|
|
1
|
+
{"version":3,"file":"password.d.ts","sourceRoot":"","sources":["../../../src/modules/auth/password.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AA+CH,4DAA4D;AAC5D,wBAAsB,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAqBrE;AAED;;;;GAIG;AACH,wBAAsB,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAWrF"}
|
|
@@ -6,7 +6,9 @@
|
|
|
6
6
|
* Copyright (c) Infonomic Company Limited
|
|
7
7
|
*/
|
|
8
8
|
/**
|
|
9
|
-
* Password hashing — argon2id via
|
|
9
|
+
* Password hashing — argon2id via the vendored `@noble/hashes` copy at
|
|
10
|
+
* `../../vendor/noble-argon2/`. Pure-JS, runs anywhere with a modern JS
|
|
11
|
+
* runtime (Node, Workers, Deno, Bun, browsers).
|
|
10
12
|
*
|
|
11
13
|
* Stores the full PHC string (`$argon2id$v=19$m=…$…$…`) in the
|
|
12
14
|
* `byline_admin_users.password` column. That makes the algorithm and
|
|
@@ -16,24 +18,55 @@
|
|
|
16
18
|
* Defaults follow OWASP 2023 guidance for argon2id: memory 19 MiB,
|
|
17
19
|
* iterations 2, parallelism 1. These are reasonable for typical server
|
|
18
20
|
* hardware; tune if sign-in latency becomes a concern under load.
|
|
21
|
+
*
|
|
22
|
+
* Note: pure-JS argon2id is meaningfully slower than the previous
|
|
23
|
+
* `@node-rs/argon2` Rust binding (~50–150 ms vs ~10 ms at these params on
|
|
24
|
+
* modern server hardware). For interactive sign-in this is fine; for
|
|
25
|
+
* high-throughput auth services consider tuning `HASH_OPTIONS` or
|
|
26
|
+
* reintroducing a native binding behind a runtime-feature check.
|
|
19
27
|
*/
|
|
20
|
-
import {
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
* (The `Algorithm` enum exported by the package is a const enum and
|
|
24
|
-
* cannot be referenced under `verbatimModuleSyntax`.)
|
|
25
|
-
*/
|
|
28
|
+
import { argon2idAsync } from '../../vendor/noble-argon2/argon2.js';
|
|
29
|
+
import { decodeArgon2idPhc, encodeArgon2idPhc, timingSafeEqual } from './phc.js';
|
|
30
|
+
/** Argon2id cost parameters. Matches the prior `@node-rs/argon2` defaults. */
|
|
26
31
|
const HASH_OPTIONS = {
|
|
27
|
-
|
|
32
|
+
/** Memory cost in KiB (19 MiB). */
|
|
33
|
+
memoryCost: 19456,
|
|
34
|
+
/** Iterations. */
|
|
28
35
|
timeCost: 2,
|
|
36
|
+
/** Parallelism (lanes). */
|
|
29
37
|
parallelism: 1,
|
|
38
|
+
/** Derived-key length in bytes — 32 matches the prior stored hashes. */
|
|
39
|
+
hashLength: 32,
|
|
40
|
+
/** Salt length in bytes — 16 matches the prior stored hashes. */
|
|
41
|
+
saltLength: 16,
|
|
30
42
|
};
|
|
43
|
+
/** Argon2 v1.3 (RFC 9106). */
|
|
44
|
+
const ARGON2_VERSION = 0x13;
|
|
45
|
+
function randomSalt(length) {
|
|
46
|
+
return crypto.getRandomValues(new Uint8Array(length));
|
|
47
|
+
}
|
|
31
48
|
/** Hash a plaintext password. Returns a full PHC string. */
|
|
32
49
|
export async function hashPassword(plaintext) {
|
|
33
50
|
if (plaintext.length === 0) {
|
|
34
51
|
throw new Error('hashPassword: plaintext must be non-empty');
|
|
35
52
|
}
|
|
36
|
-
|
|
53
|
+
const salt = randomSalt(HASH_OPTIONS.saltLength);
|
|
54
|
+
const hash = await argon2idAsync(plaintext, salt, {
|
|
55
|
+
m: HASH_OPTIONS.memoryCost,
|
|
56
|
+
t: HASH_OPTIONS.timeCost,
|
|
57
|
+
p: HASH_OPTIONS.parallelism,
|
|
58
|
+
dkLen: HASH_OPTIONS.hashLength,
|
|
59
|
+
version: ARGON2_VERSION,
|
|
60
|
+
});
|
|
61
|
+
return encodeArgon2idPhc({
|
|
62
|
+
algorithm: 'argon2id',
|
|
63
|
+
version: ARGON2_VERSION,
|
|
64
|
+
memoryCost: HASH_OPTIONS.memoryCost,
|
|
65
|
+
timeCost: HASH_OPTIONS.timeCost,
|
|
66
|
+
parallelism: HASH_OPTIONS.parallelism,
|
|
67
|
+
salt,
|
|
68
|
+
hash,
|
|
69
|
+
});
|
|
37
70
|
}
|
|
38
71
|
/**
|
|
39
72
|
* Verify a plaintext password against a stored PHC string. Returns `false`
|
|
@@ -43,6 +76,14 @@ export async function hashPassword(plaintext) {
|
|
|
43
76
|
export async function verifyPassword(plaintext, phc) {
|
|
44
77
|
if (plaintext.length === 0 || phc.length === 0)
|
|
45
78
|
return false;
|
|
46
|
-
|
|
79
|
+
const decoded = decodeArgon2idPhc(phc);
|
|
80
|
+
const candidate = await argon2idAsync(plaintext, decoded.salt, {
|
|
81
|
+
m: decoded.memoryCost,
|
|
82
|
+
t: decoded.timeCost,
|
|
83
|
+
p: decoded.parallelism,
|
|
84
|
+
dkLen: decoded.hash.length,
|
|
85
|
+
version: decoded.version,
|
|
86
|
+
});
|
|
87
|
+
return timingSafeEqual(candidate, decoded.hash);
|
|
47
88
|
}
|
|
48
89
|
//# sourceMappingURL=password.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"password.js","sourceRoot":"","sources":["../../../src/modules/auth/password.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH
|
|
1
|
+
{"version":3,"file":"password.js","sourceRoot":"","sources":["../../../src/modules/auth/password.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,qCAAqC,CAAA;AACnE,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,UAAU,CAAA;AAEhF,8EAA8E;AAC9E,MAAM,YAAY,GAAG;IACnB,mCAAmC;IACnC,UAAU,EAAE,KAAK;IACjB,kBAAkB;IAClB,QAAQ,EAAE,CAAC;IACX,2BAA2B;IAC3B,WAAW,EAAE,CAAC;IACd,wEAAwE;IACxE,UAAU,EAAE,EAAE;IACd,iEAAiE;IACjE,UAAU,EAAE,EAAE;CACN,CAAA;AAEV,8BAA8B;AAC9B,MAAM,cAAc,GAAG,IAAI,CAAA;AAE3B,SAAS,UAAU,CAAC,MAAc;IAChC,OAAO,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAA;AACvD,CAAC;AAED,4DAA4D;AAC5D,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,SAAiB;IAClD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAA;IAC9D,CAAC;IACD,MAAM,IAAI,GAAG,UAAU,CAAC,YAAY,CAAC,UAAU,CAAC,CAAA;IAChD,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE,IAAI,EAAE;QAChD,CAAC,EAAE,YAAY,CAAC,UAAU;QAC1B,CAAC,EAAE,YAAY,CAAC,QAAQ;QACxB,CAAC,EAAE,YAAY,CAAC,WAAW;QAC3B,KAAK,EAAE,YAAY,CAAC,UAAU;QAC9B,OAAO,EAAE,cAAc;KACxB,CAAC,CAAA;IACF,OAAO,iBAAiB,CAAC;QACvB,SAAS,EAAE,UAAU;QACrB,OAAO,EAAE,cAAc;QACvB,UAAU,EAAE,YAAY,CAAC,UAAU;QACnC,QAAQ,EAAE,YAAY,CAAC,QAAQ;QAC/B,WAAW,EAAE,YAAY,CAAC,WAAW;QACrC,IAAI;QACJ,IAAI;KACL,CAAC,CAAA;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,SAAiB,EAAE,GAAW;IACjE,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAA;IAC5D,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAA;IACtC,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE,OAAO,CAAC,IAAI,EAAE;QAC7D,CAAC,EAAE,OAAO,CAAC,UAAU;QACrB,CAAC,EAAE,OAAO,CAAC,QAAQ;QACnB,CAAC,EAAE,OAAO,CAAC,WAAW;QACtB,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,MAAM;QAC1B,OAAO,EAAE,OAAO,CAAC,OAAO;KACzB,CAAC,CAAA;IACF,OAAO,eAAe,CAAC,SAAS,EAAE,OAAO,CAAC,IAAI,CAAC,CAAA;AACjD,CAAC"}
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* This Source Code is subject to the terms of the Mozilla Public
|
|
3
|
+
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
4
|
+
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
5
|
+
*
|
|
6
|
+
* Copyright (c) Infonomic Company Limited
|
|
7
|
+
*/
|
|
8
|
+
/**
|
|
9
|
+
* PHC (Password Hashing Competition) string format encode / decode for argon2id.
|
|
10
|
+
*
|
|
11
|
+
* Format:
|
|
12
|
+
* $argon2id$v=<ver>$m=<mem>,t=<iter>,p=<para>$<saltB64>$<hashB64>
|
|
13
|
+
*
|
|
14
|
+
* Where `saltB64` and `hashB64` use the PHC "B64" alphabet — standard base64
|
|
15
|
+
* without trailing `=` padding. Matches the wire format produced by
|
|
16
|
+
* `@node-rs/argon2` and `argon2-cffi`, so existing password column rows keep
|
|
17
|
+
* verifying after the cutover.
|
|
18
|
+
*
|
|
19
|
+
* Implemented against the Web-standard `btoa` / `atob` (available in Node ≥ 16,
|
|
20
|
+
* browsers, Workers, Deno, Bun) so this module has no Node-specific surface.
|
|
21
|
+
*/
|
|
22
|
+
export type Argon2idPhc = {
|
|
23
|
+
/** Always `'argon2id'` for this codebase. */
|
|
24
|
+
algorithm: 'argon2id';
|
|
25
|
+
/** Argon2 version number — `0x13` (decimal 19) since RFC 9106. */
|
|
26
|
+
version: number;
|
|
27
|
+
/** Memory cost in KiB. */
|
|
28
|
+
memoryCost: number;
|
|
29
|
+
/** Iterations. */
|
|
30
|
+
timeCost: number;
|
|
31
|
+
/** Parallelism (lanes). */
|
|
32
|
+
parallelism: number;
|
|
33
|
+
/** Raw salt bytes. */
|
|
34
|
+
salt: Uint8Array;
|
|
35
|
+
/** Raw derived-key bytes. */
|
|
36
|
+
hash: Uint8Array;
|
|
37
|
+
};
|
|
38
|
+
export declare function encodeArgon2idPhc(phc: Argon2idPhc): string;
|
|
39
|
+
export declare function decodeArgon2idPhc(s: string): Argon2idPhc;
|
|
40
|
+
/**
|
|
41
|
+
* Constant-time byte comparison. Returns `true` only if both arrays have the
|
|
42
|
+
* same length and every byte matches. Intended for hash verification.
|
|
43
|
+
*/
|
|
44
|
+
export declare function timingSafeEqual(a: Uint8Array, b: Uint8Array): boolean;
|
|
45
|
+
//# sourceMappingURL=phc.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"phc.d.ts","sourceRoot":"","sources":["../../../src/modules/auth/phc.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;;;;;;;;;;;GAaG;AAEH,MAAM,MAAM,WAAW,GAAG;IACxB,6CAA6C;IAC7C,SAAS,EAAE,UAAU,CAAA;IACrB,kEAAkE;IAClE,OAAO,EAAE,MAAM,CAAA;IACf,0BAA0B;IAC1B,UAAU,EAAE,MAAM,CAAA;IAClB,kBAAkB;IAClB,QAAQ,EAAE,MAAM,CAAA;IAChB,2BAA2B;IAC3B,WAAW,EAAE,MAAM,CAAA;IACnB,sBAAsB;IACtB,IAAI,EAAE,UAAU,CAAA;IAChB,6BAA6B;IAC7B,IAAI,EAAE,UAAU,CAAA;CACjB,CAAA;AAgBD,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,WAAW,GAAG,MAAM,CAQ1D;AAED,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,MAAM,GAAG,WAAW,CA6CxD;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,GAAG,OAAO,CAKrE"}
|
|
@@ -0,0 +1,88 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* This Source Code is subject to the terms of the Mozilla Public
|
|
3
|
+
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
4
|
+
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
5
|
+
*
|
|
6
|
+
* Copyright (c) Infonomic Company Limited
|
|
7
|
+
*/
|
|
8
|
+
function bytesToB64NoPad(bytes) {
|
|
9
|
+
let bin = '';
|
|
10
|
+
for (let i = 0; i < bytes.length; i++)
|
|
11
|
+
bin += String.fromCharCode(bytes[i]);
|
|
12
|
+
return btoa(bin).replace(/=+$/, '');
|
|
13
|
+
}
|
|
14
|
+
function b64NoPadToBytes(b64) {
|
|
15
|
+
const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
|
|
16
|
+
const bin = atob(padded);
|
|
17
|
+
const out = new Uint8Array(bin.length);
|
|
18
|
+
for (let i = 0; i < bin.length; i++)
|
|
19
|
+
out[i] = bin.charCodeAt(i);
|
|
20
|
+
return out;
|
|
21
|
+
}
|
|
22
|
+
export function encodeArgon2idPhc(phc) {
|
|
23
|
+
return (`$${phc.algorithm}` +
|
|
24
|
+
`$v=${phc.version}` +
|
|
25
|
+
`$m=${phc.memoryCost},t=${phc.timeCost},p=${phc.parallelism}` +
|
|
26
|
+
`$${bytesToB64NoPad(phc.salt)}` +
|
|
27
|
+
`$${bytesToB64NoPad(phc.hash)}`);
|
|
28
|
+
}
|
|
29
|
+
export function decodeArgon2idPhc(s) {
|
|
30
|
+
// Leading `$` produces an empty first segment, so a valid argon2id PHC string
|
|
31
|
+
// splits into exactly 6 parts: ['', algo, 'v=…', 'm=…,t=…,p=…', salt, hash].
|
|
32
|
+
const parts = s.split('$');
|
|
33
|
+
if (parts.length !== 6 || parts[0] !== '') {
|
|
34
|
+
throw new Error('decodeArgon2idPhc: malformed PHC string');
|
|
35
|
+
}
|
|
36
|
+
const algorithm = parts[1] ?? '';
|
|
37
|
+
const versionField = parts[2] ?? '';
|
|
38
|
+
const paramsField = parts[3] ?? '';
|
|
39
|
+
const saltB64 = parts[4] ?? '';
|
|
40
|
+
const hashB64 = parts[5] ?? '';
|
|
41
|
+
if (algorithm !== 'argon2id') {
|
|
42
|
+
throw new Error(`decodeArgon2idPhc: unsupported algorithm "${algorithm}"`);
|
|
43
|
+
}
|
|
44
|
+
if (!versionField.startsWith('v=')) {
|
|
45
|
+
throw new Error('decodeArgon2idPhc: missing version field');
|
|
46
|
+
}
|
|
47
|
+
const version = Number.parseInt(versionField.slice(2), 10);
|
|
48
|
+
if (!Number.isInteger(version)) {
|
|
49
|
+
throw new Error(`decodeArgon2idPhc: invalid version "${versionField}"`);
|
|
50
|
+
}
|
|
51
|
+
const params = {};
|
|
52
|
+
for (const kv of paramsField.split(',')) {
|
|
53
|
+
const eq = kv.indexOf('=');
|
|
54
|
+
if (eq <= 0)
|
|
55
|
+
throw new Error(`decodeArgon2idPhc: malformed param "${kv}"`);
|
|
56
|
+
const k = kv.slice(0, eq);
|
|
57
|
+
const v = Number.parseInt(kv.slice(eq + 1), 10);
|
|
58
|
+
if (!Number.isInteger(v))
|
|
59
|
+
throw new Error(`decodeArgon2idPhc: malformed param value "${kv}"`);
|
|
60
|
+
if (k === 'm' || k === 't' || k === 'p')
|
|
61
|
+
params[k] = v;
|
|
62
|
+
}
|
|
63
|
+
if (params.m === undefined || params.t === undefined || params.p === undefined) {
|
|
64
|
+
throw new Error('decodeArgon2idPhc: missing required m/t/p params');
|
|
65
|
+
}
|
|
66
|
+
return {
|
|
67
|
+
algorithm: 'argon2id',
|
|
68
|
+
version,
|
|
69
|
+
memoryCost: params.m,
|
|
70
|
+
timeCost: params.t,
|
|
71
|
+
parallelism: params.p,
|
|
72
|
+
salt: b64NoPadToBytes(saltB64),
|
|
73
|
+
hash: b64NoPadToBytes(hashB64),
|
|
74
|
+
};
|
|
75
|
+
}
|
|
76
|
+
/**
|
|
77
|
+
* Constant-time byte comparison. Returns `true` only if both arrays have the
|
|
78
|
+
* same length and every byte matches. Intended for hash verification.
|
|
79
|
+
*/
|
|
80
|
+
export function timingSafeEqual(a, b) {
|
|
81
|
+
if (a.length !== b.length)
|
|
82
|
+
return false;
|
|
83
|
+
let diff = 0;
|
|
84
|
+
for (let i = 0; i < a.length; i++)
|
|
85
|
+
diff |= a[i] ^ b[i];
|
|
86
|
+
return diff === 0;
|
|
87
|
+
}
|
|
88
|
+
//# sourceMappingURL=phc.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"phc.js","sourceRoot":"","sources":["../../../src/modules/auth/phc.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAkCH,SAAS,eAAe,CAAC,KAAiB;IACxC,IAAI,GAAG,GAAG,EAAE,CAAA;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAW,CAAC,CAAA;IACrF,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;AACrC,CAAC;AAED,SAAS,eAAe,CAAC,GAAW;IAClC,MAAM,MAAM,GAAG,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;IAC3D,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,CAAA;IACxB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;IACtC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;IAC/D,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,GAAgB;IAChD,OAAO,CACL,IAAI,GAAG,CAAC,SAAS,EAAE;QACnB,MAAM,GAAG,CAAC,OAAO,EAAE;QACnB,MAAM,GAAG,CAAC,UAAU,MAAM,GAAG,CAAC,QAAQ,MAAM,GAAG,CAAC,WAAW,EAAE;QAC7D,IAAI,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;QAC/B,IAAI,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAChC,CAAA;AACH,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,CAAS;IACzC,8EAA8E;IAC9E,6EAA6E;IAC7E,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAA2B,CAAA;IACpD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;IAC5D,CAAC;IACD,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;IAChC,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;IACnC,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;IAClC,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;IAC9B,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;IAC9B,IAAI,SAAS,KAAK,UAAU,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,6CAA6C,SAAS,GAAG,CAAC,CAAA;IAC5E,CAAC;IACD,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;IAC7D,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IAC1D,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,uCAAuC,YAAY,GAAG,CAAC,CAAA;IACzE,CAAC;IAED,MAAM,MAAM,GAA6C,EAAE,CAAA;IAC3D,KAAK,MAAM,EAAE,IAAI,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACxC,MAAM,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAC1B,IAAI,EAAE,IAAI,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,EAAE,GAAG,CAAC,CAAA;QAC1E,MAAM,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;QACzB,MAAM,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;QAC/C,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,6CAA6C,EAAE,GAAG,CAAC,CAAA;QAC7F,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;YAAE,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;IACxD,CAAC;IACD,IAAI,MAAM,CAAC,CAAC,KAAK,SAAS,IAAI,MAAM,CAAC,CAAC,KAAK,SAAS,IAAI,MAAM,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QAC/E,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAA;IACrE,CAAC;IAED,OAAO;QACL,SAAS,EAAE,UAAU;QACrB,OAAO;QACP,UAAU,EAAE,MAAM,CAAC,CAAC;QACpB,QAAQ,EAAE,MAAM,CAAC,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC,CAAC;QACrB,IAAI,EAAE,eAAe,CAAC,OAAO,CAAC;QAC9B,IAAI,EAAE,eAAe,CAAC,OAAO,CAAC;KAC/B,CAAA;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,CAAa,EAAE,CAAa;IAC1D,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAA;IACvC,IAAI,IAAI,GAAG,CAAC,CAAA;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,IAAK,CAAC,CAAC,CAAC,CAAY,GAAI,CAAC,CAAC,CAAC,CAAY,CAAA;IAC9E,OAAO,IAAI,KAAK,CAAC,CAAA;AACnB,CAAC"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Internal helpers for blake hash.
|
|
3
|
+
* @module
|
|
4
|
+
*/
|
|
5
|
+
import { type TRet } from './utils.js';
|
|
6
|
+
/**
|
|
7
|
+
* Internal blake permutation table.
|
|
8
|
+
* Rows `0..9` serve BLAKE2s, rows `0..11` serve BLAKE2b with `10..11 = 0..1`, and Blake1 also
|
|
9
|
+
* reuses the later rows shown below. Blake1 expands rounds `10..15` as `SIGMA[i % 10]`, so rows
|
|
10
|
+
* `10..15` intentionally repeat rows `0..5` for the 14-round (256) and 16-round (512) variants.
|
|
11
|
+
*/
|
|
12
|
+
export declare const BSIGMA: TRet<Uint8Array>;
|
|
13
|
+
export type Num4 = {
|
|
14
|
+
a: number;
|
|
15
|
+
b: number;
|
|
16
|
+
c: number;
|
|
17
|
+
d: number;
|
|
18
|
+
};
|
|
19
|
+
export declare function G1s(a: number, b: number, c: number, d: number, x: number): Num4;
|
|
20
|
+
export declare function G2s(a: number, b: number, c: number, d: number, x: number): Num4;
|
|
21
|
+
//# sourceMappingURL=_blake.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"_blake.d.ts","sourceRoot":"","sources":["../../../src/vendor/noble-argon2/_blake.ts"],"names":[],"mappings":"AACA;;;GAGG;AACH,OAAO,EAAQ,KAAK,IAAI,EAAE,MAAM,YAAY,CAAC;AAE7C;;;;;GAKG;AAEH,eAAO,MAAM,MAAM,EAAE,IAAI,CAAC,UAAU,CAkBlC,CAAC;AAGH,MAAM,MAAM,IAAI,GAAG;IAAE,CAAC,EAAE,MAAM,CAAC;IAAC,CAAC,EAAE,MAAM,CAAC;IAAC,CAAC,EAAE,MAAM,CAAC;IAAC,CAAC,EAAE,MAAM,CAAC;CAAE,CAAC;AAKnE,wBAAgB,GAAG,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,IAAI,CAM/E;AAKD,wBAAgB,GAAG,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,IAAI,CAM/E"}
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
// @ts-nocheck — vendored from noble-hashes; see ./README.md
|
|
2
|
+
/**
|
|
3
|
+
* Internal helpers for blake hash.
|
|
4
|
+
* @module
|
|
5
|
+
*/
|
|
6
|
+
import { rotr } from './utils.js';
|
|
7
|
+
/**
|
|
8
|
+
* Internal blake permutation table.
|
|
9
|
+
* Rows `0..9` serve BLAKE2s, rows `0..11` serve BLAKE2b with `10..11 = 0..1`, and Blake1 also
|
|
10
|
+
* reuses the later rows shown below. Blake1 expands rounds `10..15` as `SIGMA[i % 10]`, so rows
|
|
11
|
+
* `10..15` intentionally repeat rows `0..5` for the 14-round (256) and 16-round (512) variants.
|
|
12
|
+
*/
|
|
13
|
+
// prettier-ignore
|
|
14
|
+
export const BSIGMA = /* @__PURE__ */ Uint8Array.from([
|
|
15
|
+
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
|
|
16
|
+
14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3,
|
|
17
|
+
11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4,
|
|
18
|
+
7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8,
|
|
19
|
+
9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13,
|
|
20
|
+
2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9,
|
|
21
|
+
12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11,
|
|
22
|
+
13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10,
|
|
23
|
+
6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5,
|
|
24
|
+
10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0,
|
|
25
|
+
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
|
|
26
|
+
14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3,
|
|
27
|
+
// Blake1, unused in others
|
|
28
|
+
11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4,
|
|
29
|
+
7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8,
|
|
30
|
+
9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13,
|
|
31
|
+
2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9,
|
|
32
|
+
]);
|
|
33
|
+
// 32-bit / BLAKE2s first half of G, with the fixed `(16, 12)` rotation pair.
|
|
34
|
+
// Parameter `x` is the RFC 7693 first-half message word, or Blake1's pre-mixed
|
|
35
|
+
// `m[sigma[r][2i]] ^ u[sigma[r][2i+1]]` addend in the 32-bit path.
|
|
36
|
+
export function G1s(a, b, c, d, x) {
|
|
37
|
+
a = (a + b + x) | 0;
|
|
38
|
+
d = rotr(d ^ a, 16);
|
|
39
|
+
c = (c + d) | 0;
|
|
40
|
+
b = rotr(b ^ c, 12);
|
|
41
|
+
return { a, b, c, d };
|
|
42
|
+
}
|
|
43
|
+
// 32-bit / BLAKE2s second half of G.
|
|
44
|
+
// Parameter `x` is the RFC 7693 second-half (`y`) message word, or Blake1's pre-mixed
|
|
45
|
+
// `m[sigma[r][2i + 1]] ^ u[sigma[r][2i]]` addend in the 32-bit path.
|
|
46
|
+
export function G2s(a, b, c, d, x) {
|
|
47
|
+
a = (a + b + x) | 0;
|
|
48
|
+
d = rotr(d ^ a, 8);
|
|
49
|
+
c = (c + d) | 0;
|
|
50
|
+
b = rotr(b ^ c, 7);
|
|
51
|
+
return { a, b, c, d };
|
|
52
|
+
}
|
|
53
|
+
//# sourceMappingURL=_blake.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"_blake.js","sourceRoot":"","sources":["../../../src/vendor/noble-argon2/_blake.ts"],"names":[],"mappings":"AAAA,4DAA4D;AAC5D;;;GAGG;AACH,OAAO,EAAE,IAAI,EAAa,MAAM,YAAY,CAAC;AAE7C;;;;;GAKG;AACH,kBAAkB;AAClB,MAAM,CAAC,MAAM,MAAM,GAAqB,eAAe,CAAC,UAAU,CAAC,IAAI,CAAC;IACtE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;IACpD,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;IACpD,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;IACpD,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC;IACpD,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE;IACpD,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;IACpD,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE;IACpD,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE;IACpD,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC;IACpD,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC;IACpD,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;IACpD,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;IACpD,2BAA2B;IAC3B,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;IACpD,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC;IACpD,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE;IACpD,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;CACrD,CAAC,CAAC;AAKH,6EAA6E;AAC7E,+EAA+E;AAC/E,mEAAmE;AACnE,MAAM,UAAU,GAAG,CAAC,CAAS,EAAE,CAAS,EAAE,CAAS,EAAE,CAAS,EAAE,CAAS;IACvE,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;IACpB,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;IACpB,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;IAChB,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;IACpB,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;AACxB,CAAC;AAED,qCAAqC;AACrC,sFAAsF;AACtF,qEAAqE;AACrE,MAAM,UAAU,GAAG,CAAC,CAAS,EAAE,CAAS,EAAE,CAAS,EAAE,CAAS,EAAE,CAAS;IACvE,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;IACpB,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IACnB,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;IAChB,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IACnB,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;AACxB,CAAC"}
|
|
@@ -0,0 +1,99 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Internal Merkle-Damgard hash utils.
|
|
3
|
+
* @module
|
|
4
|
+
*/
|
|
5
|
+
import { type Hash, type TArg, type TRet } from './utils.js';
|
|
6
|
+
/**
|
|
7
|
+
* Shared 32-bit conditional boolean primitive reused by SHA-256, SHA-1, and MD5 `F`.
|
|
8
|
+
* Returns bits from `b` when `a` is set, otherwise from `c`.
|
|
9
|
+
* The XOR form is equivalent to MD5's `F(X,Y,Z) = XY v not(X)Z` because the masked terms never
|
|
10
|
+
* set the same bit.
|
|
11
|
+
* @param a - selector word
|
|
12
|
+
* @param b - word chosen when selector bit is set
|
|
13
|
+
* @param c - word chosen when selector bit is clear
|
|
14
|
+
* @returns Mixed 32-bit word.
|
|
15
|
+
* @example
|
|
16
|
+
* Combine three words with the shared 32-bit choice primitive.
|
|
17
|
+
* ```ts
|
|
18
|
+
* Chi(0xffffffff, 0x12345678, 0x87654321);
|
|
19
|
+
* ```
|
|
20
|
+
*/
|
|
21
|
+
export declare function Chi(a: number, b: number, c: number): number;
|
|
22
|
+
/**
|
|
23
|
+
* Shared 32-bit majority primitive reused by SHA-256 and SHA-1.
|
|
24
|
+
* Returns bits shared by at least two inputs.
|
|
25
|
+
* @param a - first input word
|
|
26
|
+
* @param b - second input word
|
|
27
|
+
* @param c - third input word
|
|
28
|
+
* @returns Mixed 32-bit word.
|
|
29
|
+
* @example
|
|
30
|
+
* Combine three words with the shared 32-bit majority primitive.
|
|
31
|
+
* ```ts
|
|
32
|
+
* Maj(0xffffffff, 0x12345678, 0x87654321);
|
|
33
|
+
* ```
|
|
34
|
+
*/
|
|
35
|
+
export declare function Maj(a: number, b: number, c: number): number;
|
|
36
|
+
/**
|
|
37
|
+
* Merkle-Damgard hash construction base class.
|
|
38
|
+
* Could be used to create MD5, RIPEMD, SHA1, SHA2.
|
|
39
|
+
* Accepts only byte-aligned `Uint8Array` input, even when the underlying spec describes bit
|
|
40
|
+
* strings with partial-byte tails.
|
|
41
|
+
* @param blockLen - internal block size in bytes
|
|
42
|
+
* @param outputLen - digest size in bytes
|
|
43
|
+
* @param padOffset - trailing length field size in bytes
|
|
44
|
+
* @param isLE - whether length and state words are encoded in little-endian
|
|
45
|
+
* @example
|
|
46
|
+
* Use a concrete subclass to get the shared Merkle-Damgard update/digest flow.
|
|
47
|
+
* ```ts
|
|
48
|
+
* import { _SHA1 } from '@noble/hashes/legacy.js';
|
|
49
|
+
* const hash = new _SHA1();
|
|
50
|
+
* hash.update(new Uint8Array([97, 98, 99]));
|
|
51
|
+
* hash.digest();
|
|
52
|
+
* ```
|
|
53
|
+
*/
|
|
54
|
+
export declare abstract class HashMD<T extends HashMD<T>> implements Hash<T> {
|
|
55
|
+
protected abstract process(buf: DataView, offset: number): void;
|
|
56
|
+
protected abstract get(): number[];
|
|
57
|
+
protected abstract set(...args: number[]): void;
|
|
58
|
+
abstract destroy(): void;
|
|
59
|
+
protected abstract roundClean(): void;
|
|
60
|
+
readonly blockLen: number;
|
|
61
|
+
readonly outputLen: number;
|
|
62
|
+
readonly canXOF = false;
|
|
63
|
+
readonly padOffset: number;
|
|
64
|
+
readonly isLE: boolean;
|
|
65
|
+
protected buffer: Uint8Array;
|
|
66
|
+
protected view: DataView;
|
|
67
|
+
protected finished: boolean;
|
|
68
|
+
protected length: number;
|
|
69
|
+
protected pos: number;
|
|
70
|
+
protected destroyed: boolean;
|
|
71
|
+
constructor(blockLen: number, outputLen: number, padOffset: number, isLE: boolean);
|
|
72
|
+
update(data: TArg<Uint8Array>): this;
|
|
73
|
+
digestInto(out: TArg<Uint8Array>): void;
|
|
74
|
+
digest(): TRet<Uint8Array>;
|
|
75
|
+
_cloneInto(to?: T): T;
|
|
76
|
+
clone(): T;
|
|
77
|
+
}
|
|
78
|
+
/**
|
|
79
|
+
* Initial SHA-2 state: fractional parts of square roots of first 16 primes 2..53.
|
|
80
|
+
* Check out `test/misc/sha2-gen-iv.js` for recomputation guide.
|
|
81
|
+
*/
|
|
82
|
+
/** Initial SHA256 state from RFC 6234 §6.1: the first 32 bits of the fractional parts of the
|
|
83
|
+
* square roots of the first eight prime numbers. Exported as a shared table; callers must treat
|
|
84
|
+
* it as read-only because constructors copy words from it by index. */
|
|
85
|
+
export declare const SHA256_IV: TRet<Uint32Array>;
|
|
86
|
+
/** Initial SHA224 state `H(0)` from RFC 6234 §6.1. Exported as a shared table; callers must
|
|
87
|
+
* treat it as read-only because constructors copy words from it by index. */
|
|
88
|
+
export declare const SHA224_IV: TRet<Uint32Array>;
|
|
89
|
+
/** Initial SHA384 state from RFC 6234 §6.3: eight RFC 64-bit `H(0)` words stored as sixteen
|
|
90
|
+
* big-endian 32-bit halves. Derived from the fractional parts of the square roots of the ninth
|
|
91
|
+
* through sixteenth prime numbers. Exported as a shared table; callers must treat it as read-only
|
|
92
|
+
* because constructors copy halves from it by index. */
|
|
93
|
+
export declare const SHA384_IV: TRet<Uint32Array>;
|
|
94
|
+
/** Initial SHA512 state from RFC 6234 §6.3: eight RFC 64-bit `H(0)` words stored as sixteen
|
|
95
|
+
* big-endian 32-bit halves. Derived from the fractional parts of the square roots of the first
|
|
96
|
+
* eight prime numbers. Exported as a shared table; callers must treat it as read-only because
|
|
97
|
+
* constructors copy halves from it by index. */
|
|
98
|
+
export declare const SHA512_IV: TRet<Uint32Array>;
|
|
99
|
+
//# sourceMappingURL=_md.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"_md.d.ts","sourceRoot":"","sources":["../../../src/vendor/noble-argon2/_md.ts"],"names":[],"mappings":"AACA;;;GAGG;AACH,OAAO,EAML,KAAK,IAAI,EACT,KAAK,IAAI,EACT,KAAK,IAAI,EACV,MAAM,YAAY,CAAC;AAEpB;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,GAAG,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAE3D;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,GAAG,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAE3D;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,8BAAsB,MAAM,CAAC,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,CAAE,YAAW,IAAI,CAAC,CAAC,CAAC;IAGlE,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI;IAC/D,SAAS,CAAC,QAAQ,CAAC,GAAG,IAAI,MAAM,EAAE;IAClC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI;IAC/C,QAAQ,CAAC,OAAO,IAAI,IAAI;IACxB,SAAS,CAAC,QAAQ,CAAC,UAAU,IAAI,IAAI;IAErC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,MAAM,SAAS;IACxB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IAGvB,SAAS,CAAC,MAAM,EAAE,UAAU,CAAC;IAC7B,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC;IACzB,SAAS,CAAC,QAAQ,UAAS;IAC3B,SAAS,CAAC,MAAM,SAAK;IACrB,SAAS,CAAC,GAAG,SAAK;IAClB,SAAS,CAAC,SAAS,UAAS;gBAEhB,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO;IAQjF,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,GAAG,IAAI;IA0BpC,UAAU,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,GAAG,IAAI;IAkCvC,MAAM,IAAI,IAAI,CAAC,UAAU,CAAC;IAS1B,UAAU,CAAC,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC;IAarB,KAAK,IAAI,CAAC;CAGX;AAED;;;GAGG;AAEH;;uEAEuE;AACvE,eAAO,MAAM,SAAS,EAAE,IAAI,CAAC,WAAW,CAEtC,CAAC;AAEH;6EAC6E;AAC7E,eAAO,MAAM,SAAS,EAAE,IAAI,CAAC,WAAW,CAEtC,CAAC;AAEH;;;wDAGwD;AACxD,eAAO,MAAM,SAAS,EAAE,IAAI,CAAC,WAAW,CAGtC,CAAC;AAEH;;;gDAGgD;AAChD,eAAO,MAAM,SAAS,EAAE,IAAI,CAAC,WAAW,CAGtC,CAAC"}
|
|
@@ -0,0 +1,203 @@
|
|
|
1
|
+
// @ts-nocheck — vendored from noble-hashes; see ./README.md
|
|
2
|
+
/**
|
|
3
|
+
* Internal Merkle-Damgard hash utils.
|
|
4
|
+
* @module
|
|
5
|
+
*/
|
|
6
|
+
import { abytes, aexists, aoutput, clean, createView, } from './utils.js';
|
|
7
|
+
/**
|
|
8
|
+
* Shared 32-bit conditional boolean primitive reused by SHA-256, SHA-1, and MD5 `F`.
|
|
9
|
+
* Returns bits from `b` when `a` is set, otherwise from `c`.
|
|
10
|
+
* The XOR form is equivalent to MD5's `F(X,Y,Z) = XY v not(X)Z` because the masked terms never
|
|
11
|
+
* set the same bit.
|
|
12
|
+
* @param a - selector word
|
|
13
|
+
* @param b - word chosen when selector bit is set
|
|
14
|
+
* @param c - word chosen when selector bit is clear
|
|
15
|
+
* @returns Mixed 32-bit word.
|
|
16
|
+
* @example
|
|
17
|
+
* Combine three words with the shared 32-bit choice primitive.
|
|
18
|
+
* ```ts
|
|
19
|
+
* Chi(0xffffffff, 0x12345678, 0x87654321);
|
|
20
|
+
* ```
|
|
21
|
+
*/
|
|
22
|
+
export function Chi(a, b, c) {
|
|
23
|
+
return (a & b) ^ (~a & c);
|
|
24
|
+
}
|
|
25
|
+
/**
|
|
26
|
+
* Shared 32-bit majority primitive reused by SHA-256 and SHA-1.
|
|
27
|
+
* Returns bits shared by at least two inputs.
|
|
28
|
+
* @param a - first input word
|
|
29
|
+
* @param b - second input word
|
|
30
|
+
* @param c - third input word
|
|
31
|
+
* @returns Mixed 32-bit word.
|
|
32
|
+
* @example
|
|
33
|
+
* Combine three words with the shared 32-bit majority primitive.
|
|
34
|
+
* ```ts
|
|
35
|
+
* Maj(0xffffffff, 0x12345678, 0x87654321);
|
|
36
|
+
* ```
|
|
37
|
+
*/
|
|
38
|
+
export function Maj(a, b, c) {
|
|
39
|
+
return (a & b) ^ (a & c) ^ (b & c);
|
|
40
|
+
}
|
|
41
|
+
/**
|
|
42
|
+
* Merkle-Damgard hash construction base class.
|
|
43
|
+
* Could be used to create MD5, RIPEMD, SHA1, SHA2.
|
|
44
|
+
* Accepts only byte-aligned `Uint8Array` input, even when the underlying spec describes bit
|
|
45
|
+
* strings with partial-byte tails.
|
|
46
|
+
* @param blockLen - internal block size in bytes
|
|
47
|
+
* @param outputLen - digest size in bytes
|
|
48
|
+
* @param padOffset - trailing length field size in bytes
|
|
49
|
+
* @param isLE - whether length and state words are encoded in little-endian
|
|
50
|
+
* @example
|
|
51
|
+
* Use a concrete subclass to get the shared Merkle-Damgard update/digest flow.
|
|
52
|
+
* ```ts
|
|
53
|
+
* import { _SHA1 } from '@noble/hashes/legacy.js';
|
|
54
|
+
* const hash = new _SHA1();
|
|
55
|
+
* hash.update(new Uint8Array([97, 98, 99]));
|
|
56
|
+
* hash.digest();
|
|
57
|
+
* ```
|
|
58
|
+
*/
|
|
59
|
+
export class HashMD {
|
|
60
|
+
blockLen;
|
|
61
|
+
outputLen;
|
|
62
|
+
canXOF = false;
|
|
63
|
+
padOffset;
|
|
64
|
+
isLE;
|
|
65
|
+
// For partial updates less than block size
|
|
66
|
+
buffer;
|
|
67
|
+
view;
|
|
68
|
+
finished = false;
|
|
69
|
+
length = 0;
|
|
70
|
+
pos = 0;
|
|
71
|
+
destroyed = false;
|
|
72
|
+
constructor(blockLen, outputLen, padOffset, isLE) {
|
|
73
|
+
this.blockLen = blockLen;
|
|
74
|
+
this.outputLen = outputLen;
|
|
75
|
+
this.padOffset = padOffset;
|
|
76
|
+
this.isLE = isLE;
|
|
77
|
+
this.buffer = new Uint8Array(blockLen);
|
|
78
|
+
this.view = createView(this.buffer);
|
|
79
|
+
}
|
|
80
|
+
update(data) {
|
|
81
|
+
aexists(this);
|
|
82
|
+
abytes(data);
|
|
83
|
+
const { view, buffer, blockLen } = this;
|
|
84
|
+
const len = data.length;
|
|
85
|
+
for (let pos = 0; pos < len;) {
|
|
86
|
+
const take = Math.min(blockLen - this.pos, len - pos);
|
|
87
|
+
// Fast path only when there is no buffered partial block: `take === blockLen` implies
|
|
88
|
+
// `this.pos === 0`, so we can process full blocks directly from the input view.
|
|
89
|
+
if (take === blockLen) {
|
|
90
|
+
const dataView = createView(data);
|
|
91
|
+
for (; blockLen <= len - pos; pos += blockLen)
|
|
92
|
+
this.process(dataView, pos);
|
|
93
|
+
continue;
|
|
94
|
+
}
|
|
95
|
+
buffer.set(data.subarray(pos, pos + take), this.pos);
|
|
96
|
+
this.pos += take;
|
|
97
|
+
pos += take;
|
|
98
|
+
if (this.pos === blockLen) {
|
|
99
|
+
this.process(view, 0);
|
|
100
|
+
this.pos = 0;
|
|
101
|
+
}
|
|
102
|
+
}
|
|
103
|
+
this.length += data.length;
|
|
104
|
+
this.roundClean();
|
|
105
|
+
return this;
|
|
106
|
+
}
|
|
107
|
+
digestInto(out) {
|
|
108
|
+
aexists(this);
|
|
109
|
+
aoutput(out, this);
|
|
110
|
+
this.finished = true;
|
|
111
|
+
// Padding
|
|
112
|
+
// We can avoid allocation of buffer for padding completely if it
|
|
113
|
+
// was previously not allocated here. But it won't change performance.
|
|
114
|
+
const { buffer, view, blockLen, isLE } = this;
|
|
115
|
+
let { pos } = this;
|
|
116
|
+
// append the bit '1' to the message
|
|
117
|
+
buffer[pos++] = 0b10000000;
|
|
118
|
+
clean(this.buffer.subarray(pos));
|
|
119
|
+
// we have less than padOffset left in buffer, so we cannot put length in
|
|
120
|
+
// current block, need process it and pad again
|
|
121
|
+
if (this.padOffset > blockLen - pos) {
|
|
122
|
+
this.process(view, 0);
|
|
123
|
+
pos = 0;
|
|
124
|
+
}
|
|
125
|
+
// Pad until full block byte with zeros
|
|
126
|
+
for (let i = pos; i < blockLen; i++)
|
|
127
|
+
buffer[i] = 0;
|
|
128
|
+
// `padOffset` reserves the whole length field. For SHA-384/512 the high 64 bits stay zero from
|
|
129
|
+
// the padding fill above, and JS will overflow before user input can make that half non-zero.
|
|
130
|
+
// So we only need to write the low 64 bits here.
|
|
131
|
+
view.setBigUint64(blockLen - 8, BigInt(this.length * 8), isLE);
|
|
132
|
+
this.process(view, 0);
|
|
133
|
+
const oview = createView(out);
|
|
134
|
+
const len = this.outputLen;
|
|
135
|
+
// NOTE: we do division by 4 later, which must be fused in single op with modulo by JIT
|
|
136
|
+
if (len % 4)
|
|
137
|
+
throw new Error('_sha2: outputLen must be aligned to 32bit');
|
|
138
|
+
const outLen = len / 4;
|
|
139
|
+
const state = this.get();
|
|
140
|
+
if (outLen > state.length)
|
|
141
|
+
throw new Error('_sha2: outputLen bigger than state');
|
|
142
|
+
for (let i = 0; i < outLen; i++)
|
|
143
|
+
oview.setUint32(4 * i, state[i], isLE);
|
|
144
|
+
}
|
|
145
|
+
digest() {
|
|
146
|
+
const { buffer, outputLen } = this;
|
|
147
|
+
this.digestInto(buffer);
|
|
148
|
+
// Copy before destroy(): subclasses wipe `buffer` during cleanup, but `digest()` must return
|
|
149
|
+
// fresh bytes to the caller.
|
|
150
|
+
const res = buffer.slice(0, outputLen);
|
|
151
|
+
this.destroy();
|
|
152
|
+
return res;
|
|
153
|
+
}
|
|
154
|
+
_cloneInto(to) {
|
|
155
|
+
to ||= new this.constructor();
|
|
156
|
+
to.set(...this.get());
|
|
157
|
+
const { blockLen, buffer, length, finished, destroyed, pos } = this;
|
|
158
|
+
to.destroyed = destroyed;
|
|
159
|
+
to.finished = finished;
|
|
160
|
+
to.length = length;
|
|
161
|
+
to.pos = pos;
|
|
162
|
+
// Only partial-block bytes need copying: when `length % blockLen === 0`, `pos === 0` and
|
|
163
|
+
// later `update()` / `digestInto()` overwrite `to.buffer` from the start before reading it.
|
|
164
|
+
if (length % blockLen)
|
|
165
|
+
to.buffer.set(buffer);
|
|
166
|
+
return to;
|
|
167
|
+
}
|
|
168
|
+
clone() {
|
|
169
|
+
return this._cloneInto();
|
|
170
|
+
}
|
|
171
|
+
}
|
|
172
|
+
/**
|
|
173
|
+
* Initial SHA-2 state: fractional parts of square roots of first 16 primes 2..53.
|
|
174
|
+
* Check out `test/misc/sha2-gen-iv.js` for recomputation guide.
|
|
175
|
+
*/
|
|
176
|
+
/** Initial SHA256 state from RFC 6234 §6.1: the first 32 bits of the fractional parts of the
|
|
177
|
+
* square roots of the first eight prime numbers. Exported as a shared table; callers must treat
|
|
178
|
+
* it as read-only because constructors copy words from it by index. */
|
|
179
|
+
export const SHA256_IV = /* @__PURE__ */ Uint32Array.from([
|
|
180
|
+
0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19,
|
|
181
|
+
]);
|
|
182
|
+
/** Initial SHA224 state `H(0)` from RFC 6234 §6.1. Exported as a shared table; callers must
|
|
183
|
+
* treat it as read-only because constructors copy words from it by index. */
|
|
184
|
+
export const SHA224_IV = /* @__PURE__ */ Uint32Array.from([
|
|
185
|
+
0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4,
|
|
186
|
+
]);
|
|
187
|
+
/** Initial SHA384 state from RFC 6234 §6.3: eight RFC 64-bit `H(0)` words stored as sixteen
|
|
188
|
+
* big-endian 32-bit halves. Derived from the fractional parts of the square roots of the ninth
|
|
189
|
+
* through sixteenth prime numbers. Exported as a shared table; callers must treat it as read-only
|
|
190
|
+
* because constructors copy halves from it by index. */
|
|
191
|
+
export const SHA384_IV = /* @__PURE__ */ Uint32Array.from([
|
|
192
|
+
0xcbbb9d5d, 0xc1059ed8, 0x629a292a, 0x367cd507, 0x9159015a, 0x3070dd17, 0x152fecd8, 0xf70e5939,
|
|
193
|
+
0x67332667, 0xffc00b31, 0x8eb44a87, 0x68581511, 0xdb0c2e0d, 0x64f98fa7, 0x47b5481d, 0xbefa4fa4,
|
|
194
|
+
]);
|
|
195
|
+
/** Initial SHA512 state from RFC 6234 §6.3: eight RFC 64-bit `H(0)` words stored as sixteen
|
|
196
|
+
* big-endian 32-bit halves. Derived from the fractional parts of the square roots of the first
|
|
197
|
+
* eight prime numbers. Exported as a shared table; callers must treat it as read-only because
|
|
198
|
+
* constructors copy halves from it by index. */
|
|
199
|
+
export const SHA512_IV = /* @__PURE__ */ Uint32Array.from([
|
|
200
|
+
0x6a09e667, 0xf3bcc908, 0xbb67ae85, 0x84caa73b, 0x3c6ef372, 0xfe94f82b, 0xa54ff53a, 0x5f1d36f1,
|
|
201
|
+
0x510e527f, 0xade682d1, 0x9b05688c, 0x2b3e6c1f, 0x1f83d9ab, 0xfb41bd6b, 0x5be0cd19, 0x137e2179,
|
|
202
|
+
]);
|
|
203
|
+
//# sourceMappingURL=_md.js.map
|