@byline/admin 2.3.3 → 2.4.1

package/dist/vendor/noble-argon2/argon2.js

@@ -1,92 +1,96 @@
-// @ts-nocheck — vendored from noble-hashes; see ./README.md
-/**
- * Argon2 KDF from RFC 9106. Can be used to create a key from password and salt.
- * We suggest to use Scrypt. JS Argon is 2-10x slower than native code because of 64-bitness:
- * * argon uses uint64, but JS doesn't have fast uint64array
- * * uint64 multiplication is 1/3 of time
- * * `P` function would be very nice with u64, because most of value will be in registers,
- *   hovewer with u32 it will require 32 registers, which is too much.
- * * JS arrays do slow bound checks, so reading from `A2_BUF` slows it down
- * @module
- */
-import { add3H, add3L, rotr32H, rotr32L, rotrBH, rotrBL, rotrSH, rotrSL } from './_u64.js';
-import { blake2b } from './blake2.js';
-import { anumber, clean, kdfInputToBytes, nextTick, swap32IfBE, swap8IfBE, u32, u8, } from './utils.js';
-// RFC 9106 §3.1 type `y`: 0 = Argon2d, 1 = Argon2i, 2 = Argon2id. The numeric values are the
-// spec-bound part here; the object keys are internal labels.
-const AT = { Argond2d: 0, Argon2i: 1, Argon2id: 2 };
-// RFC 9106 sync points constant `SL = 4`, fixed by the design rather than exposed as a tuning knob.
+import { add3H, add3L, rotr32H, rotr32L, rotrBH, rotrBL, rotrSH, rotrSL } from "./_u64.js";
+import { blake2b } from "./blake2.js";
+import { anumber, clean, kdfInputToBytes, nextTick, swap32IfBE, swap8IfBE, u32, u8 } from "./utils.js";
+const AT = {
+    Argond2d: 0,
+    Argon2i: 1,
+    Argon2id: 2
+};
 const ARGON2_SYNC_POINTS = 4;
-// Preserve Argon2's `LE32(len(X)) || X` encoding for omitted
-// optional fields by emitting empty bytes.
-const abytesOrZero = (buf, errorTitle = '') => {
-    if (buf === undefined)
-        return Uint8Array.of();
+const abytesOrZero = (buf, errorTitle = '')=>{
+    if (void 0 === buf) return Uint8Array.of();
     return kdfInputToBytes(buf, errorTitle);
 };
-// Unsigned `u32 * u32 = { h, l }`, returned as split 64-bit halves.
 function mul(a, b) {
-    // Split into 16-bit limbs so each partial product stays exact under `Math.imul`.
-    const aL = a & 0xffff;
+    const aL = 0xffff & a;
     const aH = a >>> 16;
-    const bL = b & 0xffff;
+    const bL = 0xffff & b;
     const bH = b >>> 16;
     const ll = Math.imul(aL, bL);
     const hl = Math.imul(aH, bL);
     const lh = Math.imul(aL, bH);
     const hh = Math.imul(aH, bH);
-    const carry = (ll >>> 16) + (hl & 0xffff) + lh;
-    const high = (hh + (hl >>> 16) + (carry >>> 16)) | 0;
-    const low = (carry << 16) | (ll & 0xffff);
-    return { h: high, l: low };
+    const carry = (ll >>> 16) + (0xffff & hl) + lh;
+    const high = hh + (hl >>> 16) + (carry >>> 16) | 0;
+    const low = carry << 16 | 0xffff & ll;
+    return {
+        h: high,
+        l: low
+    };
 }
 function mul2(a, b) {
-    // Double the split 64-bit product; carry from `l` is folded back into `h` via `l >>> 31`.
     const { h, l } = mul(a, b);
-    return { h: ((h << 1) | (l >>> 31)) & 0xffff_ffff, l: (l << 1) & 0xffff_ffff };
+    return {
+        h: (h << 1 | l >>> 31) & 0xffffffff,
+        l: l << 1
+    };
 }
-// BlaMka permutation for Argon2
-// `A + B + 2 * trunc(A) * trunc(B)`, where `trunc(...)` means the low 32-bit halves.
 function blamka(Ah, Al, Bh, Bl) {
     const { h: Ch, l: Cl } = mul2(Al, Bl);
-    // A + B + (2 * A * B)
     const Rll = add3L(Al, Bl, Cl);
-    return { h: add3H(Rll, Ah, Bh, Ch), l: Rll | 0 };
+    return {
+        h: add3H(Rll, Ah, Bh, Ch),
+        l: 0 | Rll
+    };
 }
-// Temporary block buffer.
-// 1024-byte block: 256 u32 = 128 interleaved low/high halves = RFC's
-// 8x8 matrix of 16-byte registers.
 const A2_BUF = new Uint32Array(256);
-// Quarter-round over 64-bit word indices into `A2_BUF`; each index maps to adjacent low/high u32s.
 function G(a, b, c, d) {
-    let Al = A2_BUF[2 * a], Ah = A2_BUF[2 * a + 1]; // prettier-ignore
-    let Bl = A2_BUF[2 * b], Bh = A2_BUF[2 * b + 1]; // prettier-ignore
-    let Cl = A2_BUF[2 * c], Ch = A2_BUF[2 * c + 1]; // prettier-ignore
-    let Dl = A2_BUF[2 * d], Dh = A2_BUF[2 * d + 1]; // prettier-ignore
-    // RFC 9106 Figure 19 GB rotates by 32, 24, 16, and 63 bits after each XOR step.
+    let Al = A2_BUF[2 * a], Ah = A2_BUF[2 * a + 1];
+    let Bl = A2_BUF[2 * b], Bh = A2_BUF[2 * b + 1];
+    let Cl = A2_BUF[2 * c], Ch = A2_BUF[2 * c + 1];
+    let Dl = A2_BUF[2 * d], Dh = A2_BUF[2 * d + 1];
     ({ h: Ah, l: Al } = blamka(Ah, Al, Bh, Bl));
-    ({ Dh, Dl } = { Dh: Dh ^ Ah, Dl: Dl ^ Al });
-    ({ Dh, Dl } = { Dh: rotr32H(Dh, Dl), Dl: rotr32L(Dh, Dl) });
+    ({ Dh, Dl } = {
+        Dh: Dh ^ Ah,
+        Dl: Dl ^ Al
+    });
+    ({ Dh, Dl } = {
+        Dh: rotr32H(Dh, Dl),
+        Dl: rotr32L(Dh, Dl)
+    });
     ({ h: Ch, l: Cl } = blamka(Ch, Cl, Dh, Dl));
-    ({ Bh, Bl } = { Bh: Bh ^ Ch, Bl: Bl ^ Cl });
-    ({ Bh, Bl } = { Bh: rotrSH(Bh, Bl, 24), Bl: rotrSL(Bh, Bl, 24) });
+    ({ Bh, Bl } = {
+        Bh: Bh ^ Ch,
+        Bl: Bl ^ Cl
+    });
+    ({ Bh, Bl } = {
+        Bh: rotrSH(Bh, Bl, 24),
+        Bl: rotrSL(Bh, Bl, 24)
+    });
     ({ h: Ah, l: Al } = blamka(Ah, Al, Bh, Bl));
-    ({ Dh, Dl } = { Dh: Dh ^ Ah, Dl: Dl ^ Al });
-    ({ Dh, Dl } = { Dh: rotrSH(Dh, Dl, 16), Dl: rotrSL(Dh, Dl, 16) });
+    ({ Dh, Dl } = {
+        Dh: Dh ^ Ah,
+        Dl: Dl ^ Al
+    });
+    ({ Dh, Dl } = {
+        Dh: rotrSH(Dh, Dl, 16),
+        Dl: rotrSL(Dh, Dl, 16)
+    });
     ({ h: Ch, l: Cl } = blamka(Ch, Cl, Dh, Dl));
-    ({ Bh, Bl } = { Bh: Bh ^ Ch, Bl: Bl ^ Cl });
-    ({ Bh, Bl } = { Bh: rotrBH(Bh, Bl, 63), Bl: rotrBL(Bh, Bl, 63) });
-    ((A2_BUF[2 * a] = Al), (A2_BUF[2 * a + 1] = Ah));
-    ((A2_BUF[2 * b] = Bl), (A2_BUF[2 * b + 1] = Bh));
-    ((A2_BUF[2 * c] = Cl), (A2_BUF[2 * c + 1] = Ch));
-    ((A2_BUF[2 * d] = Dl), (A2_BUF[2 * d + 1] = Dh));
+    ({ Bh, Bl } = {
+        Bh: Bh ^ Ch,
+        Bl: Bl ^ Cl
+    });
+    ({ Bh, Bl } = {
+        Bh: rotrBH(Bh, Bl, 63),
+        Bl: rotrBL(Bh, Bl, 63)
+    });
+    A2_BUF[2 * a] = Al, A2_BUF[2 * a + 1] = Ah;
+    A2_BUF[2 * b] = Bl, A2_BUF[2 * b + 1] = Bh;
+    A2_BUF[2 * c] = Cl, A2_BUF[2 * c + 1] = Ch;
+    A2_BUF[2 * d] = Dl, A2_BUF[2 * d + 1] = Dh;
 }
-// Argon2 permutation over 16 register indices into `A2_BUF`, not the register values themselves.
-// RFC 9106 Figure 17: these arguments are the 16 `v0..v15` 64-bit word
-// indices inside eight 16-byte inputs, not copied word values.
-// prettier-ignore
 function P(v00, v01, v02, v03, v04, v05, v06, v07, v08, v09, v10, v11, v12, v13, v14, v15) {
-    // RFC 9106 Figure 18: first apply GB across rows, then across columns of the 8x8 register matrix.
     G(v00, v04, v08, v12);
     G(v01, v05, v09, v13);
     G(v02, v06, v10, v14);
@@ -97,83 +101,46 @@ function P(v00, v01, v02, v03, v04, v05, v06, v07, v08, v09, v10, v11, v12, v13,
     G(v03, v04, v09, v14);
 }
 function block(x, xPos, yPos, outPos, needXor) {
-    for (let i = 0; i < 256; i++)
-        A2_BUF[i] = x[xPos + i] ^ x[yPos + i];
-    // rows (8 consecutive 16-register groups)
-    for (let i = 0; i < 128; i += 16) {
-        // prettier-ignore
-        P(i, i + 1, i + 2, i + 3, i + 4, i + 5, i + 6, i + 7, i + 8, i + 9, i + 10, i + 11, i + 12, i + 13, i + 14, i + 15);
-    }
-    // columns (8 strided 16-register groups)
-    for (let i = 0; i < 16; i += 2) {
-        // prettier-ignore
-        P(i, i + 1, i + 16, i + 17, i + 32, i + 33, i + 48, i + 49, i + 64, i + 65, i + 80, i + 81, i + 96, i + 97, i + 112, i + 113);
-    }
-    // RFC 9106 step 6: passes after the first XOR the old destination block into the new G(X, Y).
-    if (needXor)
-        for (let i = 0; i < 256; i++)
-            x[outPos + i] ^= A2_BUF[i] ^ x[xPos + i] ^ x[yPos + i];
-    else
-        for (let i = 0; i < 256; i++)
-            x[outPos + i] = A2_BUF[i] ^ x[xPos + i] ^ x[yPos + i];
+    for(let i = 0; i < 256; i++)A2_BUF[i] = x[xPos + i] ^ x[yPos + i];
+    for(let i = 0; i < 128; i += 16)P(i, i + 1, i + 2, i + 3, i + 4, i + 5, i + 6, i + 7, i + 8, i + 9, i + 10, i + 11, i + 12, i + 13, i + 14, i + 15);
+    for(let i = 0; i < 16; i += 2)P(i, i + 1, i + 16, i + 17, i + 32, i + 33, i + 48, i + 49, i + 64, i + 65, i + 80, i + 81, i + 96, i + 97, i + 112, i + 113);
+    if (needXor) for(let i = 0; i < 256; i++)x[outPos + i] ^= A2_BUF[i] ^ x[xPos + i] ^ x[yPos + i];
+    else for(let i = 0; i < 256; i++)x[outPos + i] = A2_BUF[i] ^ x[xPos + i] ^ x[yPos + i];
     clean(A2_BUF);
 }
-// Variable-Length Hash Function H'
-// Returns bytes, not words; 1024-byte block callers explicitly reinterpret with `u32(...)`.
 function Hp(A, dkLen) {
     const A8 = u8(A);
     const T = new Uint32Array(1);
     const T8 = u8(T);
-    // Argon2 H' prefixes dkLen as LE32; native Uint32Array writes would serialize as BE on s390x.
     T[0] = swap8IfBE(dkLen);
-    // Fast path
-    if (dkLen <= 64)
-        return blake2b.create({ dkLen }).update(T8).update(A8).digest();
+    if (dkLen <= 64) return blake2b.create({
+        dkLen
+    }).update(T8).update(A8).digest();
     const out = new Uint8Array(dkLen);
     let V = blake2b.create({}).update(T8).update(A8).digest();
     let pos = 0;
-    // RFC 9106 Figure 8: each intermediate `V_i` contributes only `W_i`, its first 32 bytes; only
-    // `V_{r+1}` is emitted in full at the remaining length.
     out.set(V.subarray(0, 32));
     pos += 32;
-    // Rest blocks
-    for (; dkLen - pos > 64; pos += 32) {
+    for(; dkLen - pos > 64; pos += 32){
         const Vh = blake2b.create({}).update(V);
         Vh.digestInto(V);
         Vh.destroy();
         out.set(V.subarray(0, 32), pos);
     }
-    // Last block
-    out.set(blake2b(V, { dkLen: dkLen - pos }), pos);
+    out.set(blake2b(V, {
+        dkLen: dkLen - pos
+    }), pos);
     clean(V, T);
-    // H' is byte-oriented; returning `u32(out)` would silently drop dkLen % 4 tail bytes.
     return out;
 }
-// Used only inside process block!
 function indexAlpha(r, s, laneLen, segmentLen, index, randL, sameLane = false) {
-    // RFC 9106 §3.4.2 Figures 12-13: map `J1` / `J2` into the current lane's reference area `W`.
     let area;
-    if (r === 0) {
-        if (s === 0)
-            area = index - 1;
-        else if (sameLane)
-            area = s * segmentLen + index - 1;
-        else
-            area = s * segmentLen + (index == 0 ? -1 : 0);
-    }
-    else if (sameLane)
-        area = laneLen - segmentLen + index - 1;
-    else
-        area = laneLen - segmentLen + (index == 0 ? -1 : 0);
-    const startPos = r !== 0 && s !== ARGON2_SYNC_POINTS - 1 ? (s + 1) * segmentLen : 0;
-    // RFC 9106 Figure 13: `mul(randL, randL).h` is `floor(J_1^2 / 2^32)`, and the outer high-half
-    // multiply computes `floor(|W| * x / 2^32)` without floating-point math.
+    area = 0 === r ? 0 === s ? index - 1 : sameLane ? s * segmentLen + index - 1 : s * segmentLen + (0 == index ? -1 : 0) : sameLane ? laneLen - segmentLen + index - 1 : laneLen - segmentLen + (0 == index ? -1 : 0);
+    const startPos = 0 !== r && s !== ARGON2_SYNC_POINTS - 1 ? (s + 1) * segmentLen : 0;
     const rel = area - 1 - mul(area, mul(randL, randL).h).h;
     return (startPos + rel) % laneLen;
 }
-// Exclusive `2^32` sentinel used by `isU32(...)`, not the inclusive maximum u32 value.
 const maxUint32 = Math.pow(2, 32);
-// Validate safe JS integers in `[0, 2^32 - 1]`.
 function isU32(num) {
     return Number.isSafeInteger(num) && num >= 0 && num < maxUint32;
 }
@@ -182,194 +149,153 @@ function argon2Opts(opts) {
         version: 0x13,
         dkLen: 32,
         maxmem: maxUint32 - 1,
-        asyncTick: 10,
+        asyncTick: 10
     };
-    // Unknown keys are copied through unchanged here and later ignored unless
-    // destructuring consumes them.
-    for (let [k, v] of Object.entries(opts))
-        if (v !== undefined)
-            merged[k] = v;
+    for (let [k, v] of Object.entries(opts))if (void 0 !== v) merged[k] = v;
     const { dkLen, p, m, t, version, onProgress, asyncTick } = merged;
-    // RFC 9106 §3.1: tag length `T` MUST be an integer number of bytes from 4 to 2^32-1.
-    if (!isU32(dkLen) || dkLen < 4)
-        throw new Error('"dkLen" must be 4..');
-    if (!isU32(p) || p < 1 || p >= Math.pow(2, 24))
-        throw new Error('"p" must be 1..2^24');
-    if (!isU32(m))
-        throw new Error('"m" must be 0..2^32');
-    if (!isU32(t) || t < 1)
-        throw new Error('"t" (iterations) must be 1..2^32');
-    if (onProgress !== undefined && typeof onProgress !== 'function')
-        throw new Error('"progressCb" must be a function');
+    if (!isU32(dkLen) || dkLen < 4) throw new Error('"dkLen" must be 4..');
+    if (!isU32(p) || p < 1 || p >= Math.pow(2, 24)) throw new Error('"p" must be 1..2^24');
+    if (!isU32(m)) throw new Error('"m" must be 0..2^32');
+    if (!isU32(t) || t < 1) throw new Error('"t" (iterations) must be 1..2^32');
+    if (void 0 !== onProgress && 'function' != typeof onProgress) throw new Error('"progressCb" must be a function');
     anumber(asyncTick, 'asyncTick');
-    /*
-    Memory size m MUST be an integer number of kibibytes from 8*p
-    to 2^(32)-1. The actual number of blocks is m', which is m
-    rounded down to the nearest multiple of 4*p.
-    */
-    if (!isU32(m) || m < 8 * p)
-        throw new Error('"m" (memory) must be at least 8*p bytes');
-    // Accept legacy `0x10` for compatibility even though RFC 9106 profiles standardize `0x13`.
-    if (version !== 0x10 && version !== 0x13)
-        throw new Error('"version" must be 0x10 or 0x13, got ' + version);
+    if (!isU32(m) || m < 8 * p) throw new Error('"m" (memory) must be at least 8*p bytes');
+    if (0x10 !== version && 0x13 !== version) throw new Error('"version" must be 0x10 or 0x13, got ' + version);
     return merged;
 }
 function argon2Init(password, salt, type, opts) {
     password = kdfInputToBytes(password, 'password');
     salt = kdfInputToBytes(salt, 'salt');
-    if (!isU32(password.length))
-        throw new Error('"password" must be less of length 1..4Gb');
-    // RFC 9106 §3.1 only requires S <= 2^32-1 bytes and says 16 bytes is RECOMMENDED for password
-    // hashing; this library intentionally takes the stricter common >=8-byte salt path.
-    if (!isU32(salt.length) || salt.length < 8)
-        throw new Error('"salt" must be of length 8..4Gb');
-    if (!Object.values(AT).includes(type))
-        throw new Error('"type" was invalid');
+    if (!isU32(password.length)) throw new Error('"password" must be less of length 1..4Gb');
+    if (!isU32(salt.length) || salt.length < 8) throw new Error('"salt" must be of length 8..4Gb');
+    if (!Object.values(AT).includes(type)) throw new Error('"type" was invalid');
     let { p, dkLen, m, t, version, key, personalization, maxmem, onProgress, asyncTick } = argon2Opts(opts);
-    // Validation
     key = abytesOrZero(key, 'key');
     personalization = abytesOrZero(personalization, 'personalization');
-    // H_0 = H^(64)(LE32(p) || LE32(T) || LE32(m) || LE32(t) ||
-    //       LE32(v) || LE32(y) || LE32(length(P)) || P ||
-    //       LE32(length(S)) || S ||  LE32(length(K)) || K ||
-    //       LE32(length(X)) || X)
     const h = blake2b.create();
     const BUF = new Uint32Array(1);
     const BUF8 = u8(BUF);
-    for (let item of [p, dkLen, m, t, version, type]) {
-        // RFC 9106 H0 encodes these scalars as LE32, so normalize the host word before exposing bytes.
+    for (let item of [
+        p,
+        dkLen,
+        m,
+        t,
+        version,
+        type
+    ]){
         BUF[0] = swap8IfBE(item);
         h.update(BUF8);
     }
-    for (let i of [password, salt, key, personalization]) {
-        BUF[0] = swap8IfBE(i.length); // BUF is u32 array, this is valid once normalized to LE bytes
+    for (let i of [
+        password,
+        salt,
+        key,
+        personalization
+    ]){
+        BUF[0] = swap8IfBE(i.length);
         h.update(BUF8).update(i);
     }
-    // Reserve two extra LE32 words after the 64-byte `H_0` so Figures 3-4 can append
-    // `LE32(0 or 1) || LE32(i)` in place for the lane-starting blocks.
     const H0 = new Uint32Array(18);
     const H0_8 = u8(H0);
     h.digestInto(H0_8);
-    // 256 u32 = 1024 (BLOCK_SIZE), fills A2_BUF on processing
-    // Params
     const lanes = p;
-    // m' = 4 * p * floor (m / 4p)
     const mP = 4 * p * Math.floor(m / (ARGON2_SYNC_POINTS * p));
-    //q = m' / p columns
     const laneLen = Math.floor(mP / p);
     const segmentLen = Math.floor(laneLen / ARGON2_SYNC_POINTS);
-    // `maxmem` is documented in bytes; compare against the actual 1024-byte block allocation.
-    const memUsed = mP * 1024;
-    if (!isU32(maxmem))
-        throw new Error('"maxmem" expected <2**32, got ' + maxmem);
-    if (memUsed > maxmem)
-        throw new Error('"maxmem" limit was hit: memUsed(mP*1024)=' + memUsed + ', maxmem=' + maxmem);
+    const memUsed = 1024 * mP;
+    if (!isU32(maxmem)) throw new Error('"maxmem" expected <2**32, got ' + maxmem);
+    if (memUsed > maxmem) throw new Error('"maxmem" limit was hit: memUsed(mP*1024)=' + memUsed + ', maxmem=' + maxmem);
     const B = new Uint32Array(memUsed / 4);
-    // Fill first blocks
-    for (let l = 0; l < p; l++) {
+    for(let l = 0; l < p; l++){
         const i = 256 * laneLen * l;
-        // B[i][0] = H'^(1024)(H_0 || LE32(0) || LE32(i))
         H0[17] = swap8IfBE(l);
         H0[16] = swap8IfBE(0);
         B.set(swap32IfBE(u32(Hp(H0, 1024))), i);
-        // B[i][1] = H'^(1024)(H_0 || LE32(1) || LE32(i))
         H0[16] = swap8IfBE(1);
         B.set(swap32IfBE(u32(Hp(H0, 1024))), i + 256);
     }
-    let perBlock = () => { };
+    let perBlock = ()=>{};
     if (onProgress) {
-        // The first segment of the first pass skips two preinitialized blocks per lane.
         const totalBlock = t * ARGON2_SYNC_POINTS * p * segmentLen - 2 * p;
-        // Invoke callback if progress changes from 10.01 to 10.02
-        // Allows to draw smooth progress bar on up to 8K screen
         const callbackPer = Math.max(Math.floor(totalBlock / 10000), 1);
         let blockCnt = 0;
-        perBlock = () => {
+        perBlock = ()=>{
             blockCnt++;
-            if (onProgress && (!(blockCnt % callbackPer) || blockCnt === totalBlock))
-                onProgress(blockCnt / totalBlock);
+            if (onProgress && (!(blockCnt % callbackPer) || blockCnt === totalBlock)) onProgress(blockCnt / totalBlock);
         };
     }
     clean(BUF, H0);
-    return { type, mP, p, t, version, B, laneLen, lanes, segmentLen, dkLen, perBlock, asyncTick };
+    return {
+        type,
+        mP,
+        p,
+        t,
+        version,
+        B,
+        laneLen,
+        lanes,
+        segmentLen,
+        dkLen,
+        perBlock,
+        asyncTick
+    };
 }
 function argon2Output(B, p, laneLen, dkLen) {
     const B_final = new Uint32Array(256);
-    for (let l = 0; l < p; l++)
-        for (let j = 0; j < 256; j++)
-            B_final[j] ^= B[256 * (laneLen * l + laneLen - 1) + j];
-    // RFC 9106 steps 7-8 feed the byte string `C` into `H'^T(C)`, so normalize the xor'ed words
-    // back to spec byte order before `Hp(...)` reinterprets them as bytes.
+    for(let l = 0; l < p; l++)for(let j = 0; j < 256; j++)B_final[j] ^= B[256 * (laneLen * l + laneLen - 1) + j];
     const res = Hp(swap32IfBE(B_final), dkLen);
-    // Wipe both the xor scratch and the full working matrix once final digest bytes exist.
-    // JS cleanup is still only best-effort, but this local buffer is no longer needed here.
     clean(B, B_final);
     return res;
 }
 function processBlock(B, address, l, r, s, index, laneLen, segmentLen, lanes, offset, prev, dataIndependent, needXor) {
-    if (offset % laneLen)
-        prev = offset - 1;
+    if (offset % laneLen) prev = offset - 1;
     let randL, randH;
     if (dataIndependent) {
         let i128 = index % 128;
-        // RFC 9106 §3.4.1.2: each 1024-byte address block yields 128 `(J1, J2)` pairs, so regenerate
-        // it whenever the segment index crosses a multiple of 128.
-        if (i128 === 0) {
-            address[256 + 12]++;
-            block(address, 256, 2 * 256, 0, false);
-            block(address, 0, 2 * 256, 0, false);
+        if (0 === i128) {
+            address[268]++;
+            block(address, 256, 512, 0, false);
+            block(address, 0, 512, 0, false);
         }
         randL = address[2 * i128];
         randH = address[2 * i128 + 1];
-    }
-    else {
+    } else {
         const T = 256 * prev;
         randL = B[T];
         randH = B[T + 1];
     }
-    // Address-block path selects `J1` / `J2`, then maps them to the reference
-    // lane/block per RFC 9106 §3.4.
-    const refLane = r === 0 && s === 0 ? l : randH % lanes;
+    const refLane = 0 === r && 0 === s ? l : randH % lanes;
     const refPos = indexAlpha(r, s, laneLen, segmentLen, index, randL, refLane == l);
     const refBlock = laneLen * refLane + refPos;
-    // B[i][j] = G(B[i][j-1], B[l][z])
-    block(B, 256 * prev, 256 * refBlock, offset * 256, needXor);
+    block(B, 256 * prev, 256 * refBlock, 256 * offset, needXor);
 }
 function argon2(type, password, salt, opts) {
     const { mP, p, t, version, B, laneLen, lanes, segmentLen, dkLen, perBlock } = argon2Init(password, salt, type, opts);
-    // Pre-loop setup
-    // [address, input, zero_block] format so we can pass single U32 to block function
-    const address = new Uint32Array(3 * 256);
-    address[256 + 6] = mP;
-    address[256 + 8] = t;
-    address[256 + 10] = type;
-    for (let r = 0; r < t; r++) {
-        // RFC 9106 step 6 applies the XOR-on-later-passes rule only for version `0x13`; legacy
-        // `0x10` keeps the older overwrite behavior used by the v16 test vectors.
-        const needXor = r !== 0 && version === 0x13;
-        address[256 + 0] = r;
-        for (let s = 0; s < ARGON2_SYNC_POINTS; s++) {
-            address[256 + 4] = s;
-            // RFC 9106 §3.4.1.3: Argon2id uses Argon2i's data-independent `J1` / `J2` generation only
-            // in pass 0, slices 0 and 1; Argon2i uses it in every segment.
-            const dataIndependent = type == AT.Argon2i || (type == AT.Argon2id && r === 0 && s < 2);
-            for (let l = 0; l < p; l++) {
-                address[256 + 2] = l;
-                address[256 + 12] = 0;
+    const address = new Uint32Array(768);
+    address[262] = mP;
+    address[264] = t;
+    address[266] = type;
+    for(let r = 0; r < t; r++){
+        const needXor = 0 !== r && 0x13 === version;
+        address[256] = r;
+        for(let s = 0; s < ARGON2_SYNC_POINTS; s++){
+            address[260] = s;
+            const dataIndependent = type == AT.Argon2i || type == AT.Argon2id && 0 === r && s < 2;
+            for(let l = 0; l < p; l++){
+                address[258] = l;
+                address[268] = 0;
                 let startPos = 0;
-                if (r === 0 && s === 0) {
+                if (0 === r && 0 === s) {
                     startPos = 2;
                     if (dataIndependent) {
-                        address[256 + 12]++;
-                        block(address, 256, 2 * 256, 0, false);
-                        block(address, 0, 2 * 256, 0, false);
+                        address[268]++;
+                        block(address, 256, 512, 0, false);
+                        block(address, 0, 512, 0, false);
                     }
                 }
-                // current block postion
                 let offset = l * laneLen + s * segmentLen + startPos;
-                // previous block position
                 let prev = offset % laneLen ? offset - 1 : offset + laneLen - 1;
-                for (let index = startPos; index < segmentLen; index++, offset++, prev++) {
+                for(let index = startPos; index < segmentLen; index++, offset++, prev++){
                     perBlock();
                     processBlock(B, address, l, r, s, index, laneLen, segmentLen, lanes, offset, prev, dataIndependent, needXor);
                 }
@@ -379,88 +305,39 @@ function argon2(type, password, salt, opts) {
     clean(address);
     return argon2Output(B, p, laneLen, dkLen);
 }
-/**
- * Argon2d GPU-resistant version.
- * @param password - password or input key material
- * @param salt - unique salt value
- * @param opts - Argon2 cost and optional tuning parameters. See {@link ArgonOpts}.
- * @returns Derived key bytes.
- * @throws If the Argon2 input or cost parameters are invalid. {@link Error}
- * @example
- * Derive a key with Argon2d.
- * ```ts
- * argon2d('password', 'salt1234', { t: 1, m: 8, p: 1, dkLen: 32 });
- * ```
- */
-export const argon2d = (password, salt, opts) => argon2(AT.Argond2d, password, salt, opts);
-/**
- * Argon2i side-channel-resistant version.
- * @param password - password or input key material
- * @param salt - unique salt value
- * @param opts - Argon2 cost and optional tuning parameters. See {@link ArgonOpts}.
- * @returns Derived key bytes.
- * @throws If the Argon2 input or cost parameters are invalid. {@link Error}
- * @example
- * Derive a key with Argon2i.
- * ```ts
- * argon2i('password', 'salt1234', { t: 1, m: 8, p: 1, dkLen: 32 });
- * ```
- */
-export const argon2i = (password, salt, opts) => argon2(AT.Argon2i, password, salt, opts);
-/**
- * Argon2id, combining i+d, the most popular version from RFC 9106.
- * @param password - password or input key material
- * @param salt - unique salt value
- * @param opts - Argon2 cost and optional tuning parameters. See {@link ArgonOpts}.
- * @returns Derived key bytes.
- * @throws If the Argon2 input or cost parameters are invalid. {@link Error}
- * @example
- * Derive a key with Argon2id.
- * ```ts
- * argon2id('password', 'salt1234', { t: 1, m: 8, p: 1, dkLen: 32 });
- * ```
- */
-export const argon2id = (password, salt, opts) => argon2(AT.Argon2id, password, salt, opts);
+const argon2d = (password, salt, opts)=>argon2(AT.Argond2d, password, salt, opts);
+const argon2i = (password, salt, opts)=>argon2(AT.Argon2i, password, salt, opts);
+const argon2id = (password, salt, opts)=>argon2(AT.Argon2id, password, salt, opts);
 async function argon2Async(type, password, salt, opts) {
     const { mP, p, t, version, B, laneLen, lanes, segmentLen, dkLen, perBlock, asyncTick } = argon2Init(password, salt, type, opts);
-    // Pre-loop setup
-    // [address, input, zero_block] format so we can pass single U32 to block function
-    const address = new Uint32Array(3 * 256);
-    address[256 + 6] = mP;
-    address[256 + 8] = t;
-    address[256 + 10] = type;
+    const address = new Uint32Array(768);
+    address[262] = mP;
+    address[264] = t;
+    address[266] = type;
     let ts = Date.now();
-    for (let r = 0; r < t; r++) {
-        // RFC 9106 step 6 applies the XOR-on-later-passes rule only for version `0x13`; legacy
-        // `0x10` keeps the older overwrite behavior used by the v16 test vectors.
-        const needXor = r !== 0 && version === 0x13;
-        address[256 + 0] = r;
-        for (let s = 0; s < ARGON2_SYNC_POINTS; s++) {
-            address[256 + 4] = s;
-            // RFC 9106 §3.4.1.3: Argon2id uses Argon2i's data-independent `J1` / `J2` generation only
-            // in pass 0, slices 0 and 1; Argon2i uses it in every segment.
-            const dataIndependent = type == AT.Argon2i || (type == AT.Argon2id && r === 0 && s < 2);
-            for (let l = 0; l < p; l++) {
-                address[256 + 2] = l;
-                address[256 + 12] = 0;
+    for(let r = 0; r < t; r++){
+        const needXor = 0 !== r && 0x13 === version;
+        address[256] = r;
+        for(let s = 0; s < ARGON2_SYNC_POINTS; s++){
+            address[260] = s;
+            const dataIndependent = type == AT.Argon2i || type == AT.Argon2id && 0 === r && s < 2;
+            for(let l = 0; l < p; l++){
+                address[258] = l;
+                address[268] = 0;
                 let startPos = 0;
-                if (r === 0 && s === 0) {
+                if (0 === r && 0 === s) {
                     startPos = 2;
                     if (dataIndependent) {
-                        address[256 + 12]++;
-                        block(address, 256, 2 * 256, 0, false);
-                        block(address, 0, 2 * 256, 0, false);
+                        address[268]++;
+                        block(address, 256, 512, 0, false);
+                        block(address, 0, 512, 0, false);
                     }
                 }
-                // current block postion
                 let offset = l * laneLen + s * segmentLen + startPos;
-                // previous block position
                 let prev = offset % laneLen ? offset - 1 : offset + laneLen - 1;
-                for (let index = startPos; index < segmentLen; index++, offset++, prev++) {
+                for(let index = startPos; index < segmentLen; index++, offset++, prev++){
                     perBlock();
                     processBlock(B, address, l, r, s, index, laneLen, segmentLen, lanes, offset, prev, dataIndependent, needXor);
-                    // Date.now() is not monotonic. If the clock goes backwards,
-                    // still yield control.
                     const diff = Date.now() - ts;
                     if (!(diff >= 0 && diff < asyncTick)) {
                         await nextTick();
@@ -473,45 +350,7 @@ async function argon2Async(type, password, salt, opts) {
     clean(address);
     return argon2Output(B, p, laneLen, dkLen);
 }
-/**
- * Argon2d async GPU-resistant version.
- * @param password - password or input key material
- * @param salt - unique salt value
- * @param opts - Argon2 cost and optional tuning parameters. See {@link ArgonOpts}.
- * @returns Promise resolving to derived key bytes.
- * @throws If the Argon2 input or cost parameters are invalid. {@link Error}
- * @example
- * Derive a key with Argon2d asynchronously.
- * ```ts
- * await argon2dAsync('password', 'salt1234', { t: 1, m: 8, p: 1, dkLen: 32 });
- * ```
- */
-export const argon2dAsync = (password, salt, opts) => argon2Async(AT.Argond2d, password, salt, opts);
-/**
- * Argon2i async side-channel-resistant version.
- * @param password - password or input key material
- * @param salt - unique salt value
- * @param opts - Argon2 cost and optional tuning parameters. See {@link ArgonOpts}.
- * @returns Promise resolving to derived key bytes.
- * @throws If the Argon2 input or cost parameters are invalid. {@link Error}
- * @example
- * Derive a key with Argon2i asynchronously.
- * ```ts
- * await argon2iAsync('password', 'salt1234', { t: 1, m: 8, p: 1, dkLen: 32 });
- * ```
- */
-export const argon2iAsync = (password, salt, opts) => argon2Async(AT.Argon2i, password, salt, opts);
-/**
- * Argon2id async, combining i+d, the most popular version from RFC 9106.
- * @param password - password or input key material
- * @param salt - unique salt value
- * @param opts - Argon2 cost and optional tuning parameters. See {@link ArgonOpts}.
- * @returns Promise resolving to derived key bytes.
- * @throws If the Argon2 input or cost parameters are invalid. {@link Error}
- * @example
- * Derive a key with Argon2id asynchronously.
- * ```ts
- * await argon2idAsync('password', 'salt1234', { t: 1, m: 8, p: 1, dkLen: 32 });
- * ```
- */
-export const argon2idAsync = (password, salt, opts) => argon2Async(AT.Argon2id, password, salt, opts);
+const argon2dAsync = (password, salt, opts)=>argon2Async(AT.Argond2d, password, salt, opts);
+const argon2iAsync = (password, salt, opts)=>argon2Async(AT.Argon2i, password, salt, opts);
+const argon2idAsync = (password, salt, opts)=>argon2Async(AT.Argon2id, password, salt, opts);
+export { argon2d, argon2dAsync, argon2i, argon2iAsync, argon2id, argon2idAsync };