npm - @pezkuwi/util-crypto - Versions diffs - 14.0.1 - Mend

@pezkuwi/util-crypto 14.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (234) hide show

package/README.md +17 -0
package/package.json +45 -0
package/src/address/addressToEvm.spec.ts +16 -0
package/src/address/addressToEvm.ts +12 -0
package/src/address/check.spec.ts +44 -0
package/src/address/check.ts +34 -0
package/src/address/checksum.spec.ts +45 -0
package/src/address/checksum.ts +25 -0
package/src/address/decode.spec.ts +138 -0
package/src/address/decode.ts +41 -0
package/src/address/defaults.ts +12 -0
package/src/address/derive.spec.ts +26 -0
package/src/address/derive.ts +36 -0
package/src/address/encode.spec.ts +177 -0
package/src/address/encode.ts +43 -0
package/src/address/encodeDerived.spec.ts +14 -0
package/src/address/encodeDerived.ts +19 -0
package/src/address/encodeMulti.spec.ts +18 -0
package/src/address/encodeMulti.ts +18 -0
package/src/address/eq.spec.ts +45 -0
package/src/address/eq.ts +24 -0
package/src/address/evmToAddress.spec.ts +20 -0
package/src/address/evmToAddress.ts +24 -0
package/src/address/index.ts +21 -0
package/src/address/is.spec.ts +113 -0
package/src/address/is.ts +14 -0
package/src/address/keyDerived.spec.ts +24 -0
package/src/address/keyDerived.ts +22 -0
package/src/address/keyMulti.spec.ts +20 -0
package/src/address/keyMulti.ts +23 -0
package/src/address/setSS58Format.spec.ts +21 -0
package/src/address/setSS58Format.ts +20 -0
package/src/address/sort.spec.ts +22 -0
package/src/address/sort.ts +17 -0
package/src/address/sshash.ts +12 -0
package/src/address/types.ts +6 -0
package/src/address/util.ts +8 -0
package/src/address/validate.spec.ts +113 -0
package/src/address/validate.ts +10 -0
package/src/base32/bs32.ts +53 -0
package/src/base32/decode.spec.ts +34 -0
package/src/base32/encode.spec.ts +30 -0
package/src/base32/helpers.ts +93 -0
package/src/base32/index.ts +8 -0
package/src/base32/is.spec.ts +32 -0
package/src/base32/validate.spec.ts +44 -0
package/src/base58/bs58.ts +43 -0
package/src/base58/decode.spec.ts +31 -0
package/src/base58/encode.spec.ts +26 -0
package/src/base58/index.ts +8 -0
package/src/base58/validate.spec.ts +20 -0
package/src/base64/bs64.ts +43 -0
package/src/base64/decode.spec.ts +42 -0
package/src/base64/encode.spec.ts +14 -0
package/src/base64/index.ts +10 -0
package/src/base64/pad.spec.ts +14 -0
package/src/base64/pad.ts +10 -0
package/src/base64/trim.spec.ts +14 -0
package/src/base64/trim.ts +14 -0
package/src/base64/validate.spec.ts +32 -0
package/src/blake2/asHex.spec.ts +57 -0
package/src/blake2/asU8a.spec.ts +74 -0
package/src/blake2/asU8a.ts +40 -0
package/src/blake2/index.ts +8 -0
package/src/bn.ts +15 -0
package/src/bundle.ts +33 -0
package/src/bundleInit.ts +11 -0
package/src/crypto.spec.ts +18 -0
package/src/crypto.ts +18 -0
package/src/ed25519/deriveHard.ts +18 -0
package/src/ed25519/index.ts +13 -0
package/src/ed25519/pair/fromRandom.spec.ts +28 -0
package/src/ed25519/pair/fromRandom.ts +25 -0
package/src/ed25519/pair/fromSecret.spec.ts +33 -0
package/src/ed25519/pair/fromSecret.ts +29 -0
package/src/ed25519/pair/fromSeed.spec.ts +42 -0
package/src/ed25519/pair/fromSeed.ts +41 -0
package/src/ed25519/pair/fromString.spec.ts +17 -0
package/src/ed25519/pair/fromString.ts +31 -0
package/src/ed25519/sign.spec.ts +40 -0
package/src/ed25519/sign.ts +38 -0
package/src/ed25519/verify.spec.ts +84 -0
package/src/ed25519/verify.ts +41 -0
package/src/ethereum/encode.spec.ts +59 -0
package/src/ethereum/encode.ts +39 -0
package/src/ethereum/index.ts +6 -0
package/src/ethereum/isAddress.spec.ts +34 -0
package/src/ethereum/isAddress.ts +16 -0
package/src/ethereum/isChecksum.ts +27 -0
package/src/ethereum/isCheksum.spec.ts +30 -0
package/src/hd/ethereum/index.spec.ts +54 -0
package/src/hd/ethereum/index.ts +69 -0
package/src/hd/index.ts +6 -0
package/src/hd/ledger/derivePrivate.ts +34 -0
package/src/hd/ledger/index.spec.ts +64 -0
package/src/hd/ledger/index.ts +42 -0
package/src/hd/ledger/master.spec.ts +19 -0
package/src/hd/ledger/master.ts +26 -0
package/src/hd/validatePath.spec.ts +30 -0
package/src/hd/validatePath.ts +24 -0
package/src/helpers.ts +38 -0
package/src/hmac/index.ts +4 -0
package/src/hmac/shaAsU8a.spec.ts +45 -0
package/src/hmac/shaAsU8a.ts +48 -0
package/src/index.ts +6 -0
package/src/json/constants.ts +11 -0
package/src/json/decrypt.ts +25 -0
package/src/json/decryptData.ts +45 -0
package/src/json/encrypt.ts +25 -0
package/src/json/encryptFormat.ts +20 -0
package/src/json/index.ts +7 -0
package/src/json/types.ts +22 -0
package/src/keccak/asHex.spec.ts +30 -0
package/src/keccak/asU8a.spec.ts +56 -0
package/src/keccak/asU8a.ts +45 -0
package/src/keccak/index.ts +8 -0
package/src/key/DeriveJunction.ts +79 -0
package/src/key/extractPath.spec.ts +51 -0
package/src/key/extractPath.ts +37 -0
package/src/key/extractSuri.spec.ts +147 -0
package/src/key/extractSuri.ts +40 -0
package/src/key/fromPath.ts +28 -0
package/src/key/hdkdDerive.ts +17 -0
package/src/key/hdkdEcdsa.ts +8 -0
package/src/key/hdkdEd25519.ts +7 -0
package/src/key/hdkdSr25519.ts +14 -0
package/src/key/index.ts +12 -0
package/src/mnemonic/bip39.spec.ts +80 -0
package/src/mnemonic/bip39.ts +127 -0
package/src/mnemonic/generate.spec.ts +58 -0
package/src/mnemonic/generate.ts +25 -0
package/src/mnemonic/index.ts +11 -0
package/src/mnemonic/toEntropy.spec.ts +36 -0
package/src/mnemonic/toEntropy.ts +13 -0
package/src/mnemonic/toLegacySeed.spec.ts +52 -0
package/src/mnemonic/toLegacySeed.ts +39 -0
package/src/mnemonic/toMiniSecret.spec.ts +67 -0
package/src/mnemonic/toMiniSecret.ts +23 -0
package/src/mnemonic/toMiniSecretCmp.spec.ts +64 -0
package/src/mnemonic/validate.spec.ts +39 -0
package/src/mnemonic/validate.ts +26 -0
package/src/mnemonic/wordlists/en.ts +7 -0
package/src/mnemonic/wordlists/es.ts +7 -0
package/src/mnemonic/wordlists/fr.ts +7 -0
package/src/mnemonic/wordlists/index.ts +11 -0
package/src/mnemonic/wordlists/it.ts +7 -0
package/src/mnemonic/wordlists/jp.ts +7 -0
package/src/mnemonic/wordlists/ko.ts +7 -0
package/src/mnemonic/wordlists/zh-s.ts +7 -0
package/src/mnemonic/wordlists/zh-t.ts +7 -0
package/src/mod.ts +4 -0
package/src/nacl/decrypt.spec.ts +26 -0
package/src/nacl/decrypt.ts +22 -0
package/src/nacl/encrypt.spec.ts +20 -0
package/src/nacl/encrypt.ts +31 -0
package/src/nacl/index.ts +8 -0
package/src/nacl/tweetnacl-secretbox-data.spec.ts +4629 -0
package/src/nacl/tweetnacl-secretbox.spec.ts +161 -0
package/src/nacl/tweetnacl.ts +1159 -0
package/src/networks.ts +5 -0
package/src/packageDetect.ts +14 -0
package/src/packageInfo.ts +6 -0
package/src/pbkdf2/encode.spec.ts +54 -0
package/src/pbkdf2/encode.ts +29 -0
package/src/pbkdf2/index.ts +4 -0
package/src/random/asHex.spec.ts +38 -0
package/src/random/asNumber.spec.ts +16 -0
package/src/random/asNumber.ts +28 -0
package/src/random/asU8a.spec.ts +36 -0
package/src/random/asU8a.ts +30 -0
package/src/random/index.ts +9 -0
package/src/scrypt/defaults.ts +19 -0
package/src/scrypt/encode.spec.ts +43 -0
package/src/scrypt/encode.ts +30 -0
package/src/scrypt/fromU8a.ts +44 -0
package/src/scrypt/index.ts +6 -0
package/src/scrypt/toU8a.ts +17 -0
package/src/scrypt/types.ts +9 -0
package/src/secp256k1/compress.spec.ts +47 -0
package/src/secp256k1/compress.ts +21 -0
package/src/secp256k1/deriveHard.ts +17 -0
package/src/secp256k1/expand.spec.ts +47 -0
package/src/secp256k1/expand.ts +30 -0
package/src/secp256k1/hasher.spec.ts +24 -0
package/src/secp256k1/hasher.ts +13 -0
package/src/secp256k1/index.ts +10 -0
package/src/secp256k1/pair/fromSeed.spec.ts +75 -0
package/src/secp256k1/pair/fromSeed.ts +42 -0
package/src/secp256k1/recover.spec.ts +35 -0
package/src/secp256k1/recover.ts +36 -0
package/src/secp256k1/sign.spec.ts +39 -0
package/src/secp256k1/sign.ts +37 -0
package/src/secp256k1/signVerify.spec.ts +94 -0
package/src/secp256k1/tweakAdd.spec.ts +35 -0
package/src/secp256k1/tweakAdd.ts +65 -0
package/src/secp256k1/types.ts +4 -0
package/src/secp256k1/verify.spec.ts +81 -0
package/src/secp256k1/verify.ts +32 -0
package/src/sha/asU8a.ts +30 -0
package/src/sha/asU8a256.spec.ts +55 -0
package/src/sha/asU8a512.spec.ts +33 -0
package/src/sha/index.ts +8 -0
package/src/signature/index.ts +8 -0
package/src/signature/verify.spec.ts +230 -0
package/src/signature/verify.ts +114 -0
package/src/sr25519/agreement.spec.ts +31 -0
package/src/sr25519/agreement.ts +23 -0
package/src/sr25519/derive.ts +21 -0
package/src/sr25519/deriveHard.ts +9 -0
package/src/sr25519/derivePublic.ts +18 -0
package/src/sr25519/deriveSoft.ts +9 -0
package/src/sr25519/index.ts +12 -0
package/src/sr25519/pair/fromSeed.spec.ts +35 -0
package/src/sr25519/pair/fromSeed.ts +28 -0
package/src/sr25519/pair/fromU8a.ts +23 -0
package/src/sr25519/pair/testing.spec.ts +161 -0
package/src/sr25519/pair/toU8a.ts +10 -0
package/src/sr25519/sign.spec.ts +28 -0
package/src/sr25519/sign.ts +22 -0
package/src/sr25519/verify.spec.ts +42 -0
package/src/sr25519/verify.ts +23 -0
package/src/sr25519/vrfSign.ts +24 -0
package/src/sr25519/vrfSignVerify.spec.ts +73 -0
package/src/sr25519/vrfVerify.ts +25 -0
package/src/test/index.ts +8 -0
package/src/test/performance.ts +17 -0
package/src/types.ts +33 -0
package/src/xxhash/asHex.spec.ts +36 -0
package/src/xxhash/asU8a.spec.ts +48 -0
package/src/xxhash/asU8a.ts +45 -0
package/src/xxhash/index.ts +8 -0
package/src/xxhash/xxhash64.ts +155 -0
package/tsconfig.build.json +18 -0
package/tsconfig.spec.json +20 -0

package/src/nacl/tweetnacl.ts ADDED Viewed

@@ -0,0 +1,1159 @@
+// Copyright 2017-2025 @polkadot/util-crypto authors & contributors
+// SPDX-License-Identifier: Apache-2.0
+/* eslint-disable brace-style,camelcase,comma-spacing,curly,one-var,padding-line-between-statements,space-infix-ops */
+// Adapted from https://github.com/dchest/tweetnacl-js/blob/6a9594a35a27f9c723c5f1c107e376d1c65c23b3/nacl.js
+//
+// Changes made:
+//
+// - Added TS types
+// - Change var to let/const
+// - Comment out unused functions
+// - export the only box/secretbox create/open functions (these are camelCase)
+// - Linting style is mostly disabled below (apart form the changes above), so should be verifyable against original
+// - Inline some calls (flatten, reduce call tree)
+// - Some inline let definitions on loop variables
+// - It is _messy_ the unused code is commented out, not removed
+//
+// Original headers:
+//
+// Ported in 2014 by Dmitry Chestnykh and Devi Mandiri.
+// Public domain.
+//
+// Implementation derived from TweetNaCl version 20140427.
+// See for details: http://tweetnacl.cr.yp.to/
+// var u64 = function(h, l) { this.hi = h|0 >>> 0; this.lo = l|0 >>> 0; };
+// var gf = function(init) {
+//   var i, r = new Float64Array(16);
+//   if (init) for (i = 0; i < init.length; i++) r[i] = init[i];
+//   return r;
+// };
+// //  Pluggable, initialized in high-level API below.
+// var randombytes = function(/* x, n */) { throw new Error('no PRNG'); };
+// var _0 = new Uint8Array(16);
+// var _9 = new Uint8Array(32); _9[0] = 9;
+// var gf0 = gf(),
+//     gf1 = gf([1]),
+//     _121665 = gf([0xdb41, 1]),
+//     D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]),
+//     D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]),
+//     X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]),
+//     Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]),
+//     I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]);
+function L32 (x: number, c: number): number { return (x << c) | (x >>> (32 - c)); }
+function ld32 (x: Uint8Array, i: number): number {
+  let u = x[i+3] & 0xff;
+  u = (u<<8)|(x[i+2] & 0xff);
+  u = (u<<8)|(x[i+1] & 0xff);
+  return (u<<8)|(x[i+0] & 0xff);
+}
+// function dl64(x, i) {
+//   var h = (x[i] << 24) | (x[i+1] << 16) | (x[i+2] << 8) | x[i+3];
+//   var l = (x[i+4] << 24) | (x[i+5] << 16) | (x[i+6] << 8) | x[i+7];
+//   return new u64(h, l);
+// }
+function st32 (x: Uint8Array, j: number, u: number): void {
+  for (let i = 0; i < 4; i++) { x[j+i] = u & 255; u >>>= 8; }
+}
+// function ts64(x, i, u) {
+//   x[i]   = (u.hi >> 24) & 0xff;
+//   x[i+1] = (u.hi >> 16) & 0xff;
+//   x[i+2] = (u.hi >>  8) & 0xff;
+//   x[i+3] = u.hi & 0xff;
+//   x[i+4] = (u.lo >> 24)  & 0xff;
+//   x[i+5] = (u.lo >> 16)  & 0xff;
+//   x[i+6] = (u.lo >>  8)  & 0xff;
+//   x[i+7] = u.lo & 0xff;
+// }
+function vn (x: Uint8Array, xi: number, y: Uint8Array, yi: number, n: number): number {
+  let d = 0;
+  for (let i = 0; i < n; i++) d |= x[xi+i]^y[yi+i];
+  return (1 & ((d - 1) >>> 8)) - 1;
+}
+// function crypto_verify_16 (x: Uint8Array, xi: number, y: Uint8Array, yi: number): number {
+//   return vn(x,xi,y,yi,16);
+// }
+// function crypto_verify_32(x, xi, y, yi) {
+//   return vn(x,xi,y,yi,32);
+// }
+function core (out: Uint8Array, inp: Uint8Array, k: Uint8Array, c: Uint8Array, h: boolean): void {
+  const w = new Uint32Array(16), x = new Uint32Array(16), y = new Uint32Array(16), t = new Uint32Array(4);
+  let i, j, m;
+  for (i = 0; i < 4; i++) {
+    x[5*i] = ld32(c, 4*i);
+    x[1+i] = ld32(k, 4*i);
+    x[6+i] = ld32(inp, 4*i);
+    x[11+i] = ld32(k, 16+4*i);
+  }
+  for (i = 0; i < 16; i++) y[i] = x[i];
+  for (i = 0; i < 20; i++) {
+    for (j = 0; j < 4; j++) {
+      for (m = 0; m < 4; m++) t[m] = x[(5*j+4*m)%16];
+      t[1] ^= L32((t[0]+t[3])|0, 7);
+      t[2] ^= L32((t[1]+t[0])|0, 9);
+      t[3] ^= L32((t[2]+t[1])|0,13);
+      t[0] ^= L32((t[3]+t[2])|0,18);
+      for (m = 0; m < 4; m++) w[4*j+(j+m)%4] = t[m];
+    }
+    for (m = 0; m < 16; m++) x[m] = w[m];
+  }
+  if (h) {
+    for (i = 0; i < 16; i++) x[i] = (x[i] + y[i]) | 0;
+    for (i = 0; i < 4; i++) {
+      x[5*i] = (x[5*i] - ld32(c, 4*i)) | 0;
+      x[6+i] = (x[6+i] - ld32(inp, 4*i)) | 0;
+    }
+    for (i = 0; i < 4; i++) {
+      st32(out,4*i,x[5*i]);
+      st32(out,16+4*i,x[6+i]);
+    }
+  } else {
+    for (i = 0; i < 16; i++) st32(out, 4 * i, (x[i] + y[i]) | 0);
+  }
+}
+// function crypto_core_salsa20 (out: Uint8Array, inp: Uint8Array, k: Uint8Array, c: Uint8Array): number {
+//   core(out,inp,k,c,false);
+//   return 0;
+// }
+// function crypto_core_hsalsa20 (out: Uint8Array, inp: Uint8Array, k: Uint8Array, c: Uint8Array): number {
+//   core(out,inp,k,c,true);
+//   return 0;
+// }
+const sigma = new Uint8Array([101, 120, 112, 97, 110, 100, 32, 51, 50, 45, 98, 121, 116, 101, 32, 107]);
+// "expand 32-byte k"
+function crypto_stream_salsa20_xor (c: Uint8Array, cpos: number, m: Uint8Array | null, mpos: number, b: number, n: Uint8Array, k: Uint8Array): number {
+  const z = new Uint8Array(16), x = new Uint8Array(64);
+  let u, i;
+  if (!b) return 0;
+  for (i = 0; i < 16; i++) z[i] = 0;
+  for (i = 0; i < 8; i++) z[i] = n[i];
+  while (b >= 64) {
+    core(x, z, k, sigma, false);
+    for (i = 0; i < 64; i++) c[cpos+i] = (m?m[mpos+i]:0) ^ x[i];
+    u = 1;
+    for (i = 8; i < 16; i++) {
+      u = u + (z[i] & 0xff) | 0;
+      z[i] = u & 0xff;
+      u >>>= 8;
+    }
+    b -= 64;
+    cpos += 64;
+    if (m) mpos += 64;
+  }
+  if (b > 0) {
+    core(x, z, k, sigma, false);
+    for (i = 0; i < b; i++) c[cpos+i] = (m?m[mpos+i]:0) ^ x[i];
+  }
+  return 0;
+}
+// function crypto_stream_salsa20 (c: Uint8Array, cpos: number, d: number, n: Uint8Array, k: Uint8Array): number {
+//   return crypto_stream_salsa20_xor(c, cpos, null, 0, d, n, k);
+// }
+// function crypto_stream (c: Uint8Array, cpos: number, d: number, n: Uint8Array, k: Uint8Array): number {
+//   const s = new Uint8Array(32);
+//   crypto_core_hsalsa20(s,n,k,sigma);
+//   return crypto_stream_salsa20(c,cpos,d,n.subarray(16),s);
+// }
+function crypto_stream_xor (c: Uint8Array, cpos: number, m: Uint8Array | null, mpos: number, d: number, n: Uint8Array, k: Uint8Array): number {
+  const s = new Uint8Array(32);
+  core(s, n, k, sigma, true);
+  return crypto_stream_salsa20_xor(c, cpos, m, mpos, d, n.subarray(16), s);
+}
+function add1305 (h: Uint32Array, c: Uint32Array): void {
+  let u = 0;
+  for (let j = 0; j < 17; j++) {
+    u = (u + ((h[j] + c[j]) | 0)) | 0;
+    h[j] = u & 255;
+    u >>>= 8;
+  }
+}
+const minusp = new Uint32Array([5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 252]);
+function crypto_onetimeauth (out: Uint8Array, outpos: number, m: Uint8Array, mpos: number, n: number, k: Uint8Array): number {
+  let i, j, u;
+  const x = new Uint32Array(17), r = new Uint32Array(17), h = new Uint32Array(17), c = new Uint32Array(17), g = new Uint32Array(17);
+  for (j = 0; j < 17; j++) r[j]=h[j]=0;
+  for (j = 0; j < 16; j++) r[j]=k[j];
+  r[3]&=15;
+  r[4]&=252;
+  r[7]&=15;
+  r[8]&=252;
+  r[11]&=15;
+  r[12]&=252;
+  r[15]&=15;
+  while (n > 0) {
+    for (j = 0; j < 17; j++) c[j] = 0;
+    for (j = 0; (j < 16) && (j < n); ++j) c[j] = m[mpos+j];
+    c[j] = 1;
+    mpos += j; n -= j;
+    add1305(h,c);
+    for (i = 0; i < 17; i++) {
+      x[i] = 0;
+      for (j = 0; j < 17; j++) x[i] = (x[i] + (h[j] * ((j <= i) ? r[i - j] : ((320 * r[i + 17 - j])|0))) | 0) | 0;
+    }
+    for (i = 0; i < 17; i++) h[i] = x[i];
+    u = 0;
+    for (j = 0; j < 16; j++) {
+      u = (u + h[j]) | 0;
+      h[j] = u & 255;
+      u >>>= 8;
+    }
+    u = (u + h[16]) | 0; h[16] = u & 3;
+    u = (5 * (u >>> 2)) | 0;
+    for (j = 0; j < 16; j++) {
+      u = (u + h[j]) | 0;
+      h[j] = u & 255;
+      u >>>= 8;
+    }
+    u = (u + h[16]) | 0; h[16] = u;
+  }
+  for (j = 0; j < 17; j++) g[j] = h[j];
+  add1305(h,minusp);
+  const s = (-(h[16] >>> 7) | 0);
+  for (j = 0; j < 17; j++) h[j] ^= s & (g[j] ^ h[j]);
+  for (j = 0; j < 16; j++) c[j] = k[j + 16];
+  c[16] = 0;
+  add1305(h,c);
+  for (j = 0; j < 16; j++) out[outpos+j] = h[j];
+  return 0;
+}
+function crypto_onetimeauth_verify (h: Uint8Array, hpos: number, m: Uint8Array, mpos: number, n: number, k: Uint8Array) {
+  const x = new Uint8Array(16);
+  crypto_onetimeauth(x,0,m,mpos,n,k);
+  return vn(h, hpos, x, 0, 16);
+}
+function crypto_secretbox (c: Uint8Array, m: Uint8Array, d: number, n: Uint8Array, k: Uint8Array) {
+  if (d < 32) return -1;
+  crypto_stream_xor(c,0,m,0,d,n,k);
+  crypto_onetimeauth(c, 16, c, 32, d - 32, c);
+  for (let i = 0; i < 16; i++) c[i] = 0;
+  return 0;
+}
+function crypto_secretbox_open (m: Uint8Array, c: Uint8Array, d: number, n: Uint8Array, k: Uint8Array): number {
+  const x = new Uint8Array(32);
+  if (d < 32) return -1;
+  crypto_stream_xor(x, 0, null, 0, 32, n, k);
+  if (crypto_onetimeauth_verify(c, 16,c, 32,d - 32,x) !== 0) return -1;
+  crypto_stream_xor(m,0,c,0,d,n,k);
+  for (let i = 0; i < 32; i++) m[i] = 0;
+  return 0;
+}
+// function set25519(r, a) {
+//   var i;
+//   for (i = 0; i < 16; i++) r[i] = a[i]|0;
+// }
+// function car25519 (o: Float64Array): void {
+//   let c;
+//   let i;
+//   for (i = 0; i < 16; i++) {
+//     o[i] += 65536;
+//     c = Math.floor(o[i] / 65536);
+//     o[(i+1)*(i<15?1:0)] += c - 1 + 37 * (c-1) * (i===15?1:0);
+//     o[i] -= (c * 65536);
+//   }
+// }
+// function sel25519 (p: Float64Array, q: Float64Array, b: number): void {
+//   let t;
+//   const c = ~(b-1);
+//   for (let i = 0; i < 16; i++) {
+//     t = c & (p[i] ^ q[i]);
+//     p[i] ^= t;
+//     q[i] ^= t;
+//   }
+// }
+// function pack25519 (o: Uint8Array, n: Float64Array): void {
+//   let i, j, b;
+//   const m = gf(), t = gf();
+//   for (i = 0; i < 16; i++) t[i] = n[i];
+//   car25519(t);
+//   car25519(t);
+//   car25519(t);
+//   for (j = 0; j < 2; j++) {
+//     m[0] = t[0] - 0xffed;
+//     for (i = 1; i < 15; i++) {
+//       m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1);
+//       m[i-1] &= 0xffff;
+//     }
+//     m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1);
+//     b = (m[15]>>16) & 1;
+//     m[14] &= 0xffff;
+//     sel25519(t, m, 1-b);
+//   }
+//   for (i = 0; i < 16; i++) {
+//     o[2*i] = t[i] & 0xff;
+//     o[2*i+1] = t[i]>>8;
+//   }
+// }
+// function neq25519(a, b) {
+//   var c = new Uint8Array(32), d = new Uint8Array(32);
+//   pack25519(c, a);
+//   pack25519(d, b);
+//   return crypto_verify_32(c, 0, d, 0);
+// }
+// function par25519(a) {
+//   var d = new Uint8Array(32);
+//   pack25519(d, a);
+//   return d[0] & 1;
+// }
+// function unpack25519 (o: Float64Array, n: Uint8Array): void {
+//   let i;
+//   for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8);
+//   o[15] &= 0x7fff;
+// }
+// function A (o: Float64Array, a: Float64Array, b: Float64Array): void {
+//   let i;
+//   for (i = 0; i < 16; i++) o[i] = (a[i] + b[i])|0;
+// }
+// function Z (o: Float64Array, a: Float64Array, b: Float64Array): void {
+//   let i;
+//   for (i = 0; i < 16; i++) o[i] = (a[i] - b[i])|0;
+// }
+// function M (o: Float64Array, a: Float64Array, b: Float64Array): void {
+//   let i, j;
+//   const t = new Float64Array(31);
+//   for (i = 0; i < 31; i++) t[i] = 0;
+//   for (i = 0; i < 16; i++) {
+//     for (j = 0; j < 16; j++) {
+//       t[i+j] += a[i] * b[j];
+//     }
+//   }
+//   for (i = 0; i < 15; i++) {
+//     t[i] += 38 * t[i+16];
+//   }
+//   for (i = 0; i < 16; i++) o[i] = t[i];
+//   car25519(o);
+//   car25519(o);
+// }
+// function S (o: Float64Array, a: Float64Array): void {
+//   M(o, a, a);
+// }
+// function inv25519 (o: Float64Array, i: Float64Array): void {
+//   const c = gf();
+//   let a;
+//   for (a = 0; a < 16; a++) c[a] = i[a];
+//   for (a = 253; a >= 0; a--) {
+//     S(c, c);
+//     if (a !== 2 && a !== 4) M(c, c, i);
+//   }
+//   for (a = 0; a < 16; a++) o[a] = c[a];
+// }
+// function pow2523(o, i) {
+//   var c = gf();
+//   var a;
+//   for (a = 0; a < 16; a++) c[a] = i[a];
+//   for (a = 250; a >= 0; a--) {
+//       S(c, c);
+//       if(a !== 1) M(c, c, i);
+//   }
+//   for (a = 0; a < 16; a++) o[a] = c[a];
+// }
+// function crypto_scalarmult (q: Uint8Array, n: Uint8Array, p: Uint8Array): number {
+//   const z = new Uint8Array(32);
+//   const x = new Float64Array(80);
+//   let r, i;
+//   const a = gf(), b = gf(), c = gf(), d = gf(), e = gf(), f = gf();
+//   for (i = 0; i < 31; i++) z[i] = n[i];
+//   z[31]=(n[31]&127)|64;
+//   z[0]&=248;
+//   unpack25519(x,p);
+//   for (i = 0; i < 16; i++) {
+//     b[i]=x[i];
+//     d[i]=a[i]=c[i]=0;
+//   }
+//   a[0]=d[0]=1;
+//   for (i=254; i>=0; --i) {
+//     r=(z[i>>>3]>>>(i&7))&1;
+//     sel25519(a,b,r);
+//     sel25519(c,d,r);
+//     A(e,a,c);
+//     Z(a,a,c);
+//     A(c,b,d);
+//     Z(b,b,d);
+//     S(d,e);
+//     S(f,a);
+//     M(a,c,a);
+//     M(c,b,e);
+//     A(e,a,c);
+//     Z(a,a,c);
+//     S(b,a);
+//     Z(c,d,f);
+//     M(a,c,_121665);
+//     A(a,a,d);
+//     M(c,c,a);
+//     M(a,d,f);
+//     M(d,b,x);
+//     S(b,e);
+//     sel25519(a,b,r);
+//     sel25519(c,d,r);
+//   }
+//   for (i = 0; i < 16; i++) {
+//     x[i+16]=a[i];
+//     x[i+32]=c[i];
+//     x[i+48]=b[i];
+//     x[i+64]=d[i];
+//   }
+//   const x32 = x.subarray(32);
+//   const x16 = x.subarray(16);
+//   inv25519(x32,x32);
+//   M(x16,x16,x32);
+//   pack25519(q,x16);
+//   return 0;
+// }
+// function crypto_scalarmult_base(q, n) {
+//   return crypto_scalarmult(q, n, _9);
+// }
+// function crypto_box_keypair(y, x) {
+//   randombytes(x, 32);
+//   return crypto_scalarmult_base(y, x);
+// }
+// function crypto_box_beforenm (k: Uint8Array, y: Uint8Array, x: Uint8Array): number {
+//   const s = new Uint8Array(32);
+//   crypto_scalarmult(s, x, y);
+//   return crypto_core_hsalsa20(k, _0, s, sigma);
+// }
+// var crypto_box_afternm = crypto_secretbox;
+// var crypto_box_open_afternm = crypto_secretbox_open;
+// function crypto_box(c, m, d, n, y, x) {
+//   var k = new Uint8Array(32);
+//   crypto_box_beforenm(k, y, x);
+//   return crypto_box_afternm(c, m, d, n, k);
+// }
+// function crypto_box_open(m, c, d, n, y, x) {
+//   var k = new Uint8Array(32);
+//   crypto_box_beforenm(k, y, x);
+//   return crypto_box_open_afternm(m, c, d, n, k);
+// }
+// function add64() {
+//   var a = 0, b = 0, c = 0, d = 0, m16 = 65535, l, h, i;
+//   for (i = 0; i < arguments.length; i++) {
+//     l = arguments[i].lo;
+//     h = arguments[i].hi;
+//     a += (l & m16); b += (l >>> 16);
+//     c += (h & m16); d += (h >>> 16);
+//   }
+//   b += (a >>> 16);
+//   c += (b >>> 16);
+//   d += (c >>> 16);
+//   return new u64((c & m16) | (d << 16), (a & m16) | (b << 16));
+// }
+// function shr64(x, c) {
+//   return new u64((x.hi >>> c), (x.lo >>> c) | (x.hi << (32 - c)));
+// }
+// function xor64() {
+//   var l = 0, h = 0, i;
+//   for (i = 0; i < arguments.length; i++) {
+//     l ^= arguments[i].lo;
+//     h ^= arguments[i].hi;
+//   }
+//   return new u64(h, l);
+// }
+// function R(x, c) {
+//   var h, l, c1 = 32 - c;
+//   if (c < 32) {
+//     h = (x.hi >>> c) | (x.lo << c1);
+//     l = (x.lo >>> c) | (x.hi << c1);
+//   } else if (c < 64) {
+//     h = (x.lo >>> c) | (x.hi << c1);
+//     l = (x.hi >>> c) | (x.lo << c1);
+//   }
+//   return new u64(h, l);
+// }
+// function Ch(x, y, z) {
+//   var h = (x.hi & y.hi) ^ (~x.hi & z.hi),
+//       l = (x.lo & y.lo) ^ (~x.lo & z.lo);
+//   return new u64(h, l);
+// }
+// function Maj(x, y, z) {
+//   var h = (x.hi & y.hi) ^ (x.hi & z.hi) ^ (y.hi & z.hi),
+//       l = (x.lo & y.lo) ^ (x.lo & z.lo) ^ (y.lo & z.lo);
+//   return new u64(h, l);
+// }
+// function Sigma0(x) { return xor64(R(x,28), R(x,34), R(x,39)); }
+// function Sigma1(x) { return xor64(R(x,14), R(x,18), R(x,41)); }
+// function sigma0(x) { return xor64(R(x, 1), R(x, 8), shr64(x,7)); }
+// function sigma1(x) { return xor64(R(x,19), R(x,61), shr64(x,6)); }
+// var K = [
+//   new u64(0x428a2f98, 0xd728ae22), new u64(0x71374491, 0x23ef65cd),
+//   new u64(0xb5c0fbcf, 0xec4d3b2f), new u64(0xe9b5dba5, 0x8189dbbc),
+//   new u64(0x3956c25b, 0xf348b538), new u64(0x59f111f1, 0xb605d019),
+//   new u64(0x923f82a4, 0xaf194f9b), new u64(0xab1c5ed5, 0xda6d8118),
+//   new u64(0xd807aa98, 0xa3030242), new u64(0x12835b01, 0x45706fbe),
+//   new u64(0x243185be, 0x4ee4b28c), new u64(0x550c7dc3, 0xd5ffb4e2),
+//   new u64(0x72be5d74, 0xf27b896f), new u64(0x80deb1fe, 0x3b1696b1),
+//   new u64(0x9bdc06a7, 0x25c71235), new u64(0xc19bf174, 0xcf692694),
+//   new u64(0xe49b69c1, 0x9ef14ad2), new u64(0xefbe4786, 0x384f25e3),
+//   new u64(0x0fc19dc6, 0x8b8cd5b5), new u64(0x240ca1cc, 0x77ac9c65),
+//   new u64(0x2de92c6f, 0x592b0275), new u64(0x4a7484aa, 0x6ea6e483),
+//   new u64(0x5cb0a9dc, 0xbd41fbd4), new u64(0x76f988da, 0x831153b5),
+//   new u64(0x983e5152, 0xee66dfab), new u64(0xa831c66d, 0x2db43210),
+//   new u64(0xb00327c8, 0x98fb213f), new u64(0xbf597fc7, 0xbeef0ee4),
+//   new u64(0xc6e00bf3, 0x3da88fc2), new u64(0xd5a79147, 0x930aa725),
+//   new u64(0x06ca6351, 0xe003826f), new u64(0x14292967, 0x0a0e6e70),
+//   new u64(0x27b70a85, 0x46d22ffc), new u64(0x2e1b2138, 0x5c26c926),
+//   new u64(0x4d2c6dfc, 0x5ac42aed), new u64(0x53380d13, 0x9d95b3df),
+//   new u64(0x650a7354, 0x8baf63de), new u64(0x766a0abb, 0x3c77b2a8),
+//   new u64(0x81c2c92e, 0x47edaee6), new u64(0x92722c85, 0x1482353b),
+//   new u64(0xa2bfe8a1, 0x4cf10364), new u64(0xa81a664b, 0xbc423001),
+//   new u64(0xc24b8b70, 0xd0f89791), new u64(0xc76c51a3, 0x0654be30),
+//   new u64(0xd192e819, 0xd6ef5218), new u64(0xd6990624, 0x5565a910),
+//   new u64(0xf40e3585, 0x5771202a), new u64(0x106aa070, 0x32bbd1b8),
+//   new u64(0x19a4c116, 0xb8d2d0c8), new u64(0x1e376c08, 0x5141ab53),
+//   new u64(0x2748774c, 0xdf8eeb99), new u64(0x34b0bcb5, 0xe19b48a8),
+//   new u64(0x391c0cb3, 0xc5c95a63), new u64(0x4ed8aa4a, 0xe3418acb),
+//   new u64(0x5b9cca4f, 0x7763e373), new u64(0x682e6ff3, 0xd6b2b8a3),
+//   new u64(0x748f82ee, 0x5defb2fc), new u64(0x78a5636f, 0x43172f60),
+//   new u64(0x84c87814, 0xa1f0ab72), new u64(0x8cc70208, 0x1a6439ec),
+//   new u64(0x90befffa, 0x23631e28), new u64(0xa4506ceb, 0xde82bde9),
+//   new u64(0xbef9a3f7, 0xb2c67915), new u64(0xc67178f2, 0xe372532b),
+//   new u64(0xca273ece, 0xea26619c), new u64(0xd186b8c7, 0x21c0c207),
+//   new u64(0xeada7dd6, 0xcde0eb1e), new u64(0xf57d4f7f, 0xee6ed178),
+//   new u64(0x06f067aa, 0x72176fba), new u64(0x0a637dc5, 0xa2c898a6),
+//   new u64(0x113f9804, 0xbef90dae), new u64(0x1b710b35, 0x131c471b),
+//   new u64(0x28db77f5, 0x23047d84), new u64(0x32caab7b, 0x40c72493),
+//   new u64(0x3c9ebe0a, 0x15c9bebc), new u64(0x431d67c4, 0x9c100d4c),
+//   new u64(0x4cc5d4be, 0xcb3e42b6), new u64(0x597f299c, 0xfc657e2a),
+//   new u64(0x5fcb6fab, 0x3ad6faec), new u64(0x6c44198c, 0x4a475817)
+// ];
+// function crypto_hashblocks(x, m, n) {
+//   var z = [], b = [], a = [], w = [], t, i, j;
+//   for (i = 0; i < 8; i++) z[i] = a[i] = dl64(x, 8*i);
+//   var pos = 0;
+//   while (n >= 128) {
+//     for (i = 0; i < 16; i++) w[i] = dl64(m, 8*i+pos);
+//     for (i = 0; i < 80; i++) {
+//       for (j = 0; j < 8; j++) b[j] = a[j];
+//       t = add64(a[7], Sigma1(a[4]), Ch(a[4], a[5], a[6]), K[i], w[i%16]);
+//       b[7] = add64(t, Sigma0(a[0]), Maj(a[0], a[1], a[2]));
+//       b[3] = add64(b[3], t);
+//       for (j = 0; j < 8; j++) a[(j+1)%8] = b[j];
+//       if (i%16 === 15) {
+//         for (j = 0; j < 16; j++) {
+//           w[j] = add64(w[j], w[(j+9)%16], sigma0(w[(j+1)%16]), sigma1(w[(j+14)%16]));
+//         }
+//       }
+//     }
+//     for (i = 0; i < 8; i++) {
+//       a[i] = add64(a[i], z[i]);
+//       z[i] = a[i];
+//     }
+//     pos += 128;
+//     n -= 128;
+//   }
+//   for (i = 0; i < 8; i++) ts64(x, 8*i, z[i]);
+//   return n;
+// }
+// var iv = new Uint8Array([
+//   0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08,
+//   0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b,
+//   0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b,
+//   0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1,
+//   0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1,
+//   0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f,
+//   0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b,
+//   0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79
+// ]);
+// function crypto_hash(out, m, n) {
+//   var h = new Uint8Array(64), x = new Uint8Array(256);
+//   var i, b = n;
+//   for (i = 0; i < 64; i++) h[i] = iv[i];
+//   crypto_hashblocks(h, m, n);
+//   n %= 128;
+//   for (i = 0; i < 256; i++) x[i] = 0;
+//   for (i = 0; i < n; i++) x[i] = m[b-n+i];
+//   x[n] = 128;
+//   n = 256-128*(n<112?1:0);
+//   x[n-9] = 0;
+//   ts64(x, n-8, new u64((b / 0x20000000) | 0, b << 3));
+//   crypto_hashblocks(h, x, n);
+//   for (i = 0; i < 64; i++) out[i] = h[i];
+//   return 0;
+// }
+// function add(p, q) {
+//   var a = gf(), b = gf(), c = gf(),
+//       d = gf(), e = gf(), f = gf(),
+//       g = gf(), h = gf(), t = gf();
+//   Z(a, p[1], p[0]);
+//   Z(t, q[1], q[0]);
+//   M(a, a, t);
+//   A(b, p[0], p[1]);
+//   A(t, q[0], q[1]);
+//   M(b, b, t);
+//   M(c, p[3], q[3]);
+//   M(c, c, D2);
+//   M(d, p[2], q[2]);
+//   A(d, d, d);
+//   Z(e, b, a);
+//   Z(f, d, c);
+//   A(g, d, c);
+//   A(h, b, a);
+//   M(p[0], e, f);
+//   M(p[1], h, g);
+//   M(p[2], g, f);
+//   M(p[3], e, h);
+// }
+// function cswap(p, q, b) {
+//   var i;
+//   for (i = 0; i < 4; i++) {
+//     sel25519(p[i], q[i], b);
+//   }
+// }
+// function pack(r, p) {
+//   var tx = gf(), ty = gf(), zi = gf();
+//   inv25519(zi, p[2]);
+//   M(tx, p[0], zi);
+//   M(ty, p[1], zi);
+//   pack25519(r, ty);
+//   r[31] ^= par25519(tx) << 7;
+// }
+// function scalarmult(p, q, s) {
+//   var b, i;
+//   set25519(p[0], gf0);
+//   set25519(p[1], gf1);
+//   set25519(p[2], gf1);
+//   set25519(p[3], gf0);
+//   for (i = 255; i >= 0; --i) {
+//     b = (s[(i/8)|0] >> (i&7)) & 1;
+//     cswap(p, q, b);
+//     add(q, p);
+//     add(p, p);
+//     cswap(p, q, b);
+//   }
+// }
+// function scalarbase(p, s) {
+//   var q = [gf(), gf(), gf(), gf()];
+//   set25519(q[0], X);
+//   set25519(q[1], Y);
+//   set25519(q[2], gf1);
+//   M(q[3], X, Y);
+//   scalarmult(p, q, s);
+// }
+// function crypto_sign_keypair(pk, sk, seeded) {
+//   var d = new Uint8Array(64);
+//   var p = [gf(), gf(), gf(), gf()];
+//   var i;
+//   if (!seeded) randombytes(sk, 32);
+//   crypto_hash(d, sk, 32);
+//   d[0] &= 248;
+//   d[31] &= 127;
+//   d[31] |= 64;
+//   scalarbase(p, d);
+//   pack(pk, p);
+//   for (i = 0; i < 32; i++) sk[i+32] = pk[i];
+//   return 0;
+// }
+// var L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]);
+// function modL(r, x) {
+//   var carry, i, j, k;
+//   for (i = 63; i >= 32; --i) {
+//     carry = 0;
+//     for (j = i - 32, k = i - 12; j < k; ++j) {
+//       x[j] += carry - 16 * x[i] * L[j - (i - 32)];
+//       carry = Math.floor((x[j] + 128) / 256);
+//       x[j] -= carry * 256;
+//     }
+//     x[j] += carry;
+//     x[i] = 0;
+//   }
+//   carry = 0;
+//   for (j = 0; j < 32; j++) {
+//     x[j] += carry - (x[31] >> 4) * L[j];
+//     carry = x[j] >> 8;
+//     x[j] &= 255;
+//   }
+//   for (j = 0; j < 32; j++) x[j] -= carry * L[j];
+//   for (i = 0; i < 32; i++) {
+//     x[i+1] += x[i] >> 8;
+//     r[i] = x[i] & 255;
+//   }
+// }
+// function reduce(r) {
+//   var x = new Float64Array(64), i;
+//   for (i = 0; i < 64; i++) x[i] = r[i];
+//   for (i = 0; i < 64; i++) r[i] = 0;
+//   modL(r, x);
+// }
+// // Note: difference from C - smlen returned, not passed as argument.
+// function crypto_sign(sm, m, n, sk) {
+//   var d = new Uint8Array(64), h = new Uint8Array(64), r = new Uint8Array(64);
+//   var i, j, x = new Float64Array(64);
+//   var p = [gf(), gf(), gf(), gf()];
+//   crypto_hash(d, sk, 32);
+//   d[0] &= 248;
+//   d[31] &= 127;
+//   d[31] |= 64;
+//   var smlen = n + 64;
+//   for (i = 0; i < n; i++) sm[64 + i] = m[i];
+//   for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i];
+//   crypto_hash(r, sm.subarray(32), n+32);
+//   reduce(r);
+//   scalarbase(p, r);
+//   pack(sm, p);
+//   for (i = 32; i < 64; i++) sm[i] = sk[i];
+//   crypto_hash(h, sm, n + 64);
+//   reduce(h);
+//   for (i = 0; i < 64; i++) x[i] = 0;
+//   for (i = 0; i < 32; i++) x[i] = r[i];
+//   for (i = 0; i < 32; i++) {
+//     for (j = 0; j < 32; j++) {
+//       x[i+j] += h[i] * d[j];
+//     }
+//   }
+//   modL(sm.subarray(32), x);
+//   return smlen;
+// }
+// function unpackneg(r, p) {
+//   var t = gf(), chk = gf(), num = gf(),
+//       den = gf(), den2 = gf(), den4 = gf(),
+//       den6 = gf();
+//   set25519(r[2], gf1);
+//   unpack25519(r[1], p);
+//   S(num, r[1]);
+//   M(den, num, D);
+//   Z(num, num, r[2]);
+//   A(den, r[2], den);
+//   S(den2, den);
+//   S(den4, den2);
+//   M(den6, den4, den2);
+//   M(t, den6, num);
+//   M(t, t, den);
+//   pow2523(t, t);
+//   M(t, t, num);
+//   M(t, t, den);
+//   M(t, t, den);
+//   M(r[0], t, den);
+//   S(chk, r[0]);
+//   M(chk, chk, den);
+//   if (neq25519(chk, num)) M(r[0], r[0], I);
+//   S(chk, r[0]);
+//   M(chk, chk, den);
+//   if (neq25519(chk, num)) return -1;
+//   if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]);
+//   M(r[3], r[0], r[1]);
+//   return 0;
+// }
+// function crypto_sign_open(m, sm, n, pk) {
+//   var i;
+//   var t = new Uint8Array(32), h = new Uint8Array(64);
+//   var p = [gf(), gf(), gf(), gf()],
+//       q = [gf(), gf(), gf(), gf()];
+//   if (n < 64) return -1;
+//   if (unpackneg(q, pk)) return -1;
+//   for (i = 0; i < n; i++) m[i] = sm[i];
+//   for (i = 0; i < 32; i++) m[i+32] = pk[i];
+//   crypto_hash(h, m, n);
+//   reduce(h);
+//   scalarmult(p, q, h);
+//   scalarbase(q, sm.subarray(32));
+//   add(p, q);
+//   pack(t, p);
+//   n -= 64;
+//   if (crypto_verify_32(sm, 0, t, 0)) {
+//     for (i = 0; i < n; i++) m[i] = 0;
+//     return -1;
+//   }
+//   for (i = 0; i < n; i++) m[i] = sm[i + 64];
+//   return n;
+// }
+const crypto_secretbox_KEYBYTES = 32;
+const crypto_secretbox_NONCEBYTES = 24;
+const crypto_secretbox_ZEROBYTES = 32;
+const crypto_secretbox_BOXZEROBYTES = 16;
+// const crypto_scalarmult_BYTES = 32;
+// const crypto_scalarmult_SCALARBYTES = 32;
+// const crypto_box_PUBLICKEYBYTES = 32;
+// const crypto_box_SECRETKEYBYTES = 32;
+// const crypto_box_BEFORENMBYTES = 32;
+// const crypto_box_NONCEBYTES = crypto_secretbox_NONCEBYTES;
+// const crypto_box_ZEROBYTES = crypto_secretbox_ZEROBYTES;
+// const crypto_box_BOXZEROBYTES = crypto_secretbox_BOXZEROBYTES;
+// const crypto_sign_BYTES = 64;
+// const crypto_sign_PUBLICKEYBYTES = 32;
+// const crypto_sign_SECRETKEYBYTES = 64;
+// const crypto_sign_SEEDBYTES = 32;
+// const crypto_hash_BYTES = 64;
+// nacl.lowlevel = {
+//   crypto_core_hsalsa20: crypto_core_hsalsa20,
+//   crypto_stream_xor: crypto_stream_xor,
+//   crypto_stream: crypto_stream,
+//   crypto_stream_salsa20_xor: crypto_stream_salsa20_xor,
+//   crypto_stream_salsa20: crypto_stream_salsa20,
+//   crypto_onetimeauth: crypto_onetimeauth,
+//   crypto_onetimeauth_verify: crypto_onetimeauth_verify,
+//   crypto_verify_16: crypto_verify_16,
+//   crypto_verify_32: crypto_verify_32,
+//   crypto_secretbox: crypto_secretbox,
+//   crypto_secretbox_open: crypto_secretbox_open,
+//   crypto_scalarmult: crypto_scalarmult,
+//   crypto_scalarmult_base: crypto_scalarmult_base,
+//   crypto_box_beforenm: crypto_box_beforenm,
+//   crypto_box_afternm: crypto_box_afternm,
+//   crypto_box: crypto_box,
+//   crypto_box_open: crypto_box_open,
+//   crypto_box_keypair: crypto_box_keypair,
+//   crypto_hash: crypto_hash,
+//   crypto_sign: crypto_sign,
+//   crypto_sign_keypair: crypto_sign_keypair,
+//   crypto_sign_open: crypto_sign_open,
+//   crypto_secretbox_KEYBYTES: crypto_secretbox_KEYBYTES,
+//   crypto_secretbox_NONCEBYTES: crypto_secretbox_NONCEBYTES,
+//   crypto_secretbox_ZEROBYTES: crypto_secretbox_ZEROBYTES,
+//   crypto_secretbox_BOXZEROBYTES: crypto_secretbox_BOXZEROBYTES,
+//   crypto_scalarmult_BYTES: crypto_scalarmult_BYTES,
+//   crypto_scalarmult_SCALARBYTES: crypto_scalarmult_SCALARBYTES,
+//   crypto_box_PUBLICKEYBYTES: crypto_box_PUBLICKEYBYTES,
+//   crypto_box_SECRETKEYBYTES: crypto_box_SECRETKEYBYTES,
+//   crypto_box_BEFORENMBYTES: crypto_box_BEFORENMBYTES,
+//   crypto_box_NONCEBYTES: crypto_box_NONCEBYTES,
+//   crypto_box_ZEROBYTES: crypto_box_ZEROBYTES,
+//   crypto_box_BOXZEROBYTES: crypto_box_BOXZEROBYTES,
+//   crypto_sign_BYTES: crypto_sign_BYTES,
+//   crypto_sign_PUBLICKEYBYTES: crypto_sign_PUBLICKEYBYTES,
+//   crypto_sign_SECRETKEYBYTES: crypto_sign_SECRETKEYBYTES,
+//   crypto_sign_SEEDBYTES: crypto_sign_SEEDBYTES,
+//   crypto_hash_BYTES: crypto_hash_BYTES,
+//   gf: gf,
+//   D: D,
+//   L: L,
+//   pack25519: pack25519,
+//   unpack25519: unpack25519,
+//   M: M,
+//   A: A,
+//   S: S,
+//   Z: Z,
+//   pow2523: pow2523,
+//   add: add,
+//   set25519: set25519,
+//   modL: modL,
+//   scalarmult: scalarmult,
+//   scalarbase: scalarbase,
+// };
+// /* High-level API */
+function checkLengths (k: Uint8Array, n: Uint8Array): void {
+  if (k.length !== crypto_secretbox_KEYBYTES) throw new Error('bad key size');
+  if (n.length !== crypto_secretbox_NONCEBYTES) throw new Error('bad nonce size');
+}
+// function checkBoxLengths (pk: Uint8Array, sk: Uint8Array): void {
+//   if (pk.length !== crypto_box_PUBLICKEYBYTES) throw new Error('bad public key size');
+//   if (sk.length !== crypto_box_SECRETKEYBYTES) throw new Error('bad secret key size');
+// }
+function checkArrayTypes (...args: unknown[]): void {
+  for (let i = 0, count = args.length; i < count; i++) {
+    if (!(args[i] instanceof Uint8Array))
+      throw new TypeError('unexpected type, use Uint8Array');
+  }
+}
+// function cleanup(arr) {
+//   for (var i = 0; i < arr.length; i++) arr[i] = 0;
+// }
+// nacl.randomBytes = function(n) {
+//   var b = new Uint8Array(n);
+//   randombytes(b, n);
+//   return b;
+// };
+export function naclSecretbox (msg: Uint8Array, nonce: Uint8Array, key: Uint8Array): Uint8Array {
+  checkArrayTypes(msg, nonce, key);
+  checkLengths(key, nonce);
+  const m = new Uint8Array(crypto_secretbox_ZEROBYTES + msg.length);
+  const c = new Uint8Array(m.length);
+  for (let i = 0; i < msg.length; i++) m[i+crypto_secretbox_ZEROBYTES] = msg[i];
+  crypto_secretbox(c, m, m.length, nonce, key);
+  return c.subarray(crypto_secretbox_BOXZEROBYTES);
+}
+export function naclSecretboxOpen (box: Uint8Array, nonce: Uint8Array, key: Uint8Array): Uint8Array | null {
+  checkArrayTypes(box, nonce, key);
+  checkLengths(key, nonce);
+  const c = new Uint8Array(crypto_secretbox_BOXZEROBYTES + box.length);
+  const m = new Uint8Array(c.length);
+  for (let i = 0; i < box.length; i++) c[i+crypto_secretbox_BOXZEROBYTES] = box[i];
+  if (c.length < 32) return null;
+  if (crypto_secretbox_open(m, c, c.length, nonce, key) !== 0) return null;
+  return m.subarray(crypto_secretbox_ZEROBYTES);
+}
+// nacl.secretbox.keyLength = crypto_secretbox_KEYBYTES;
+// nacl.secretbox.nonceLength = crypto_secretbox_NONCEBYTES;
+// nacl.secretbox.overheadLength = crypto_secretbox_BOXZEROBYTES;
+// nacl.scalarMult = function(n, p) {
+//   checkArrayTypes(n, p);
+//   if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size');
+//   if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size');
+//   var q = new Uint8Array(crypto_scalarmult_BYTES);
+//   crypto_scalarmult(q, n, p);
+//   return q;
+// };
+// nacl.scalarMult.base = function(n) {
+//   checkArrayTypes(n);
+//   if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size');
+//   var q = new Uint8Array(crypto_scalarmult_BYTES);
+//   crypto_scalarmult_base(q, n);
+//   return q;
+// };
+// nacl.scalarMult.scalarLength = crypto_scalarmult_SCALARBYTES;
+// nacl.scalarMult.groupElementLength = crypto_scalarmult_BYTES;
+// nacl.box = function (msg, nonce, publicKey, secretKey) {
+//   var k = nacl.box.before(publicKey, secretKey);
+//   return nacl.secretbox(msg, nonce, k);
+// };
+// nacl.box.before = function(publicKey, secretKey) {
+//   checkArrayTypes(publicKey, secretKey);
+//   checkBoxLengths(publicKey, secretKey);
+//   var k = new Uint8Array(crypto_box_BEFORENMBYTES);
+//   crypto_box_beforenm(k, publicKey, secretKey);
+//   return k;
+// };
+// nacl.box.after = nacl.secretbox;
+// nacl.box.open = function (msg, nonce, publicKey, secretKey) {
+//   var k = nacl.box.before(publicKey, secretKey);
+//   return nacl.secretbox.open(msg, nonce, k);
+// };
+// nacl.box.open.after = nacl.secretbox.open;
+// nacl.box.keyPair = function() {
+//   var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);
+//   var sk = new Uint8Array(crypto_box_SECRETKEYBYTES);
+//   crypto_box_keypair(pk, sk);
+//   return {publicKey: pk, secretKey: sk};
+// };
+// nacl.box.keyPair.fromSecretKey = function(secretKey) {
+//   checkArrayTypes(secretKey);
+//   if (secretKey.length !== crypto_box_SECRETKEYBYTES)
+//     throw new Error('bad secret key size');
+//   var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);
+//   crypto_scalarmult_base(pk, secretKey);
+//   return {publicKey: pk, secretKey: new Uint8Array(secretKey)};
+// };
+// nacl.box.publicKeyLength = crypto_box_PUBLICKEYBYTES;
+// nacl.box.secretKeyLength = crypto_box_SECRETKEYBYTES;
+// nacl.box.sharedKeyLength = crypto_box_BEFORENMBYTES;
+// nacl.box.nonceLength = crypto_box_NONCEBYTES;
+// nacl.box.overheadLength = nacl.secretbox.overheadLength;
+// nacl.sign = function(msg, secretKey) {
+//   checkArrayTypes(msg, secretKey);
+//   if (secretKey.length !== crypto_sign_SECRETKEYBYTES)
+//     throw new Error('bad secret key size');
+//   var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length);
+//   crypto_sign(signedMsg, msg, msg.length, secretKey);
+//   return signedMsg;
+// };
+// nacl.sign.open = function(signedMsg, publicKey) {
+//   checkArrayTypes(signedMsg, publicKey);
+//   if (publicKey.length !== crypto_sign_PUBLICKEYBYTES)
+//     throw new Error('bad public key size');
+//   var tmp = new Uint8Array(signedMsg.length);
+//   var mlen = crypto_sign_open(tmp, signedMsg, signedMsg.length, publicKey);
+//   if (mlen < 0) return null;
+//   var m = new Uint8Array(mlen);
+//   for (var i = 0; i < m.length; i++) m[i] = tmp[i];
+//   return m;
+// };
+// nacl.sign.detached = function(msg, secretKey) {
+//   var signedMsg = nacl.sign(msg, secretKey);
+//   var sig = new Uint8Array(crypto_sign_BYTES);
+//   for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i];
+//   return sig;
+// };
+// nacl.sign.detached.verify = function(msg, sig, publicKey) {
+//   checkArrayTypes(msg, sig, publicKey);
+//   if (sig.length !== crypto_sign_BYTES)
+//     throw new Error('bad signature size');
+//   if (publicKey.length !== crypto_sign_PUBLICKEYBYTES)
+//     throw new Error('bad public key size');
+//   var sm = new Uint8Array(crypto_sign_BYTES + msg.length);
+//   var m = new Uint8Array(crypto_sign_BYTES + msg.length);
+//   var i;
+//   for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i];
+//   for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i];
+//   return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0);
+// };
+// nacl.sign.keyPair = function() {
+//   var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);
+//   var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);
+//   crypto_sign_keypair(pk, sk);
+//   return {publicKey: pk, secretKey: sk};
+// };
+// nacl.sign.keyPair.fromSecretKey = function(secretKey) {
+//   checkArrayTypes(secretKey);
+//   if (secretKey.length !== crypto_sign_SECRETKEYBYTES)
+//     throw new Error('bad secret key size');
+//   var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);
+//   for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i];
+//   return {publicKey: pk, secretKey: new Uint8Array(secretKey)};
+// };
+// nacl.sign.keyPair.fromSeed = function(seed) {
+//   checkArrayTypes(seed);
+//   if (seed.length !== crypto_sign_SEEDBYTES)
+//     throw new Error('bad seed size');
+//   var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);
+//   var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);
+//   for (var i = 0; i < 32; i++) sk[i] = seed[i];
+//   crypto_sign_keypair(pk, sk, true);
+//   return {publicKey: pk, secretKey: sk};
+// };
+// nacl.sign.publicKeyLength = crypto_sign_PUBLICKEYBYTES;
+// nacl.sign.secretKeyLength = crypto_sign_SECRETKEYBYTES;
+// nacl.sign.seedLength = crypto_sign_SEEDBYTES;
+// nacl.sign.signatureLength = crypto_sign_BYTES;
+// nacl.hash = function(msg) {
+//   checkArrayTypes(msg);
+//   var h = new Uint8Array(crypto_hash_BYTES);
+//   crypto_hash(h, msg, msg.length);
+//   return h;
+// };
+// nacl.hash.hashLength = crypto_hash_BYTES;
+// nacl.verify = function(x, y) {
+//   checkArrayTypes(x, y);
+//   // Zero length arguments are considered not equal.
+//   if (x.length === 0 || y.length === 0) return false;
+//   if (x.length !== y.length) return false;
+//   return (vn(x, 0, y, 0, x.length) === 0) ? true : false;
+// };
+// nacl.setPRNG = function(fn) {
+//   randombytes = fn;
+// };