@pooflabs/web 0.0.89-rc4 → 0.0.89-rc5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (51) hide show
  1. package/dist/{index-CEADZ0na.js → index-Aw2d-l7b.js} +2 -2
  2. package/dist/{index-CEADZ0na.js.map → index-Aw2d-l7b.js.map} +1 -1
  3. package/dist/{index-DZhOa-_D.esm.js → index-BFPYOUPB.esm.js} +2 -2
  4. package/dist/{index-Bop7HFA-.esm.js.map → index-BFPYOUPB.esm.js.map} +1 -1
  5. package/dist/{index-DGOP9-5L.esm.js → index-Bk0jNQeJ.esm.js} +74 -2470
  6. package/dist/index-Bk0jNQeJ.esm.js.map +1 -0
  7. package/dist/{index-Bop7HFA-.esm.js → index-BmRFzihw.esm.js} +2 -2
  8. package/dist/{index-DZhOa-_D.esm.js.map → index-BmRFzihw.esm.js.map} +1 -1
  9. package/dist/{index-DHI02_l_.js → index-CNeBXwNA.js} +74 -2470
  10. package/dist/index-CNeBXwNA.js.map +1 -0
  11. package/dist/{index-DS3Ftep_.js → index-t6c_8F1Y.js} +2 -2
  12. package/dist/{index-DS3Ftep_.js.map → index-t6c_8F1Y.js.map} +1 -1
  13. package/dist/{index.browser-0dewreQm.esm.js → index.browser-CPNUnyFN.esm.js} +1104 -503
  14. package/dist/index.browser-CPNUnyFN.esm.js.map +1 -0
  15. package/dist/{index.browser-B-pUCZgP.esm.js → index.browser-DA5oVpde.esm.js} +1574 -1223
  16. package/dist/index.browser-DA5oVpde.esm.js.map +1 -0
  17. package/dist/{index.browser-C9AVHEa4.js → index.browser-DIbh5a17.js} +1573 -1222
  18. package/dist/index.browser-DIbh5a17.js.map +1 -0
  19. package/dist/{index.browser-rhFUHjM1.js → index.browser-DwpTtoZf.js} +1103 -502
  20. package/dist/index.browser-DwpTtoZf.js.map +1 -0
  21. package/dist/index.esm.js +1 -1
  22. package/dist/index.js +1 -1
  23. package/dist/{index.native-CXtxnE1X.esm.js → index.native-BOKZJ7oQ.esm.js} +72 -2458
  24. package/dist/index.native-BOKZJ7oQ.esm.js.map +1 -0
  25. package/dist/{index.native-DzDWIHgW.js → index.native-CJnVdXZz.js} +71 -2457
  26. package/dist/index.native-CJnVdXZz.js.map +1 -0
  27. package/dist/index.native.esm.js +1 -1
  28. package/dist/index.native.js +1 -1
  29. package/dist/{phantom-wallet-provider-SmsVVBCI.esm.js → phantom-wallet-provider-BnoICydP.esm.js} +6 -16
  30. package/dist/phantom-wallet-provider-BnoICydP.esm.js.map +1 -0
  31. package/dist/{phantom-wallet-provider-mA4Yaf-t.js → phantom-wallet-provider-CCu-ugIc.js} +6 -16
  32. package/dist/phantom-wallet-provider-CCu-ugIc.js.map +1 -0
  33. package/dist/{privy-wallet-provider-CHMc_YjB.js → privy-wallet-provider-07Uph-RM.js} +3 -3
  34. package/dist/{privy-wallet-provider-CHMc_YjB.js.map → privy-wallet-provider-07Uph-RM.js.map} +1 -1
  35. package/dist/{privy-wallet-provider-BNPm2WEZ.esm.js → privy-wallet-provider-CZv8FH7R.esm.js} +3 -3
  36. package/dist/{privy-wallet-provider-BNPm2WEZ.esm.js.map → privy-wallet-provider-CZv8FH7R.esm.js.map} +1 -1
  37. package/dist/{solana-mobile-wallet-provider-BMGBQI3W.esm.js → solana-mobile-wallet-provider-7R9pkiw0.esm.js} +3 -3
  38. package/dist/{solana-mobile-wallet-provider-BMGBQI3W.esm.js.map → solana-mobile-wallet-provider-7R9pkiw0.esm.js.map} +1 -1
  39. package/dist/{solana-mobile-wallet-provider-DmBKAypM.js → solana-mobile-wallet-provider-n8aM2vet.js} +3 -3
  40. package/dist/{solana-mobile-wallet-provider-DmBKAypM.js.map → solana-mobile-wallet-provider-n8aM2vet.js.map} +1 -1
  41. package/package.json +2 -2
  42. package/dist/index-DGOP9-5L.esm.js.map +0 -1
  43. package/dist/index-DHI02_l_.js.map +0 -1
  44. package/dist/index.browser-0dewreQm.esm.js.map +0 -1
  45. package/dist/index.browser-B-pUCZgP.esm.js.map +0 -1
  46. package/dist/index.browser-C9AVHEa4.js.map +0 -1
  47. package/dist/index.browser-rhFUHjM1.js.map +0 -1
  48. package/dist/index.native-CXtxnE1X.esm.js.map +0 -1
  49. package/dist/index.native-DzDWIHgW.js.map +0 -1
  50. package/dist/phantom-wallet-provider-SmsVVBCI.esm.js.map +0 -1
  51. package/dist/phantom-wallet-provider-mA4Yaf-t.js.map +0 -1
package/dist/{index-DGOP9-5L.esm.js → index-Bk0jNQeJ.esm.js} RENAMED
@@ -4,21 +4,6 @@ import * as anchor from '@coral-xyz/anchor';
4
4
  import { Program } from '@coral-xyz/anchor';
5
5
  import * as React$2 from 'react';
6
6
 
7
- function _mergeNamespaces(n, m) {
8
- m.forEach(function (e) {
9
- e && typeof e !== 'string' && !Array.isArray(e) && Object.keys(e).forEach(function (k) {
10
- if (k !== 'default' && !(k in n)) {
11
- var d = Object.getOwnPropertyDescriptor(e, k);
12
- Object.defineProperty(n, k, d.get ? d : {
13
- enumerable: true,
14
- get: function () { return e[k]; }
15
- });
16
- }
17
- });
18
- });
19
- return Object.freeze(n);
20
- }
21
-
22
7
  function getDefaultExportFromCjs$1 (x) {
23
8
  return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
24
9
  }
@@ -31,7 +16,7 @@ function commonjsRequire(path) {
31
16
  throw new Error('Could not dynamically require "' + path + '". Please configure the dynamicRequireTargets or/and ignoreDynamicRequires option of @rollup/plugin-commonjs appropriately for this require call to work.');
32
17
  }
33
18
 
34
- var naclFast$1 = {exports: {}};
19
+ var naclFast = {exports: {}};
35
20
 
36
21
  var _nodeResolve_empty = {};
37
22
 
@@ -42,11 +27,11 @@ var _nodeResolve_empty$1 = /*#__PURE__*/Object.freeze({
42
27
 
43
28
  var require$$0 = /*@__PURE__*/getDefaultExportFromNamespaceIfNotNamed(_nodeResolve_empty$1);
44
29
 
45
- var hasRequiredNaclFast$1;
30
+ var hasRequiredNaclFast;
46
31
 
47
- function requireNaclFast$1 () {
48
- if (hasRequiredNaclFast$1) return naclFast$1.exports;
49
- hasRequiredNaclFast$1 = 1;
32
+ function requireNaclFast () {
33
+ if (hasRequiredNaclFast) return naclFast.exports;
34
+ hasRequiredNaclFast = 1;
50
35
  (function (module) {
51
36
  (function(nacl) {
52
37
 
@@ -2438,12 +2423,12 @@ function requireNaclFast$1 () {
2438
2423
  })();
2439
2424
 
2440
2425
  })(module.exports ? module.exports : (self.nacl = self.nacl || {}));
2441
- } (naclFast$1));
2442
- return naclFast$1.exports;
2426
+ } (naclFast));
2427
+ return naclFast.exports;
2443
2428
  }
2444
2429
 
2445
- var naclFastExports$1 = requireNaclFast$1();
2446
- var nacl$1 = /*@__PURE__*/getDefaultExportFromCjs$1(naclFastExports$1);
2430
+ var naclFastExports = requireNaclFast();
2431
+ var nacl = /*@__PURE__*/getDefaultExportFromCjs$1(naclFastExports);
2447
2432
 
2448
2433
  var bn$1 = {exports: {}};
2449
2434
 
@@ -6764,6 +6749,28 @@ class WebSessionManager {
6764
6749
  static async storeSession(address, accessToken, idToken, refreshToken) {
6765
6750
  if (typeof window === "undefined")
6766
6751
  return;
6752
+ // JWT-wallet binding: refuse to store a session whose idToken is bound
6753
+ // to a different wallet than `address`. Prevents races that would otherwise
6754
+ // leave localStorage with mismatched address/token state.
6755
+ try {
6756
+ const payloadB64 = idToken.split(".")[1];
6757
+ if (payloadB64) {
6758
+ const payload = JSON.parse(this.decodeBase64Url(payloadB64));
6759
+ const tokenWallet = payload["custom:walletAddress"];
6760
+ if (tokenWallet && tokenWallet !== address) {
6761
+ throw new Error(`[WebSessionManager] Refusing to store session: address (${address}) does not match idToken custom:walletAddress (${tokenWallet})`);
6762
+ }
6763
+ if (!tokenWallet) {
6764
+ console.warn("[WebSessionManager] storeSession: idToken has no custom:walletAddress claim — writing without validation");
6765
+ }
6766
+ }
6767
+ }
6768
+ catch (err) {
6769
+ if (typeof (err === null || err === void 0 ? void 0 : err.message) === "string" && err.message.includes("Refusing to store session")) {
6770
+ throw err;
6771
+ }
6772
+ console.warn("[WebSessionManager] storeSession: failed to decode idToken for validation:", err);
6773
+ }
6767
6774
  const config = await getConfig();
6768
6775
  const currentAppId = config.appId;
6769
6776
  localStorage.setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify({
@@ -9462,11 +9469,11 @@ function requireSrc$1 () {
9462
9469
  }
9463
9470
 
9464
9471
  var bs58$1;
9465
- var hasRequiredBs58$1;
9472
+ var hasRequiredBs58;
9466
9473
 
9467
- function requireBs58$1 () {
9468
- if (hasRequiredBs58$1) return bs58$1;
9469
- hasRequiredBs58$1 = 1;
9474
+ function requireBs58 () {
9475
+ if (hasRequiredBs58) return bs58$1;
9476
+ hasRequiredBs58 = 1;
9470
9477
  var basex = requireSrc$1();
9471
9478
  var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
9472
9479
 
@@ -9474,8 +9481,8 @@ function requireBs58$1 () {
9474
9481
  return bs58$1;
9475
9482
  }
9476
9483
 
9477
- var bs58Exports$1 = requireBs58$1();
9478
- var bs58$2 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports$1);
9484
+ var bs58Exports = requireBs58();
9485
+ var bs58 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports);
9479
9486
 
9480
9487
  // ─────────────────────────────────────────────────────────────
9481
9488
  // Local implementation of getSimulationComputeUnits
@@ -9737,7 +9744,7 @@ function loadKeypairFromEnv() {
9737
9744
  try {
9738
9745
  const secretKey = secret.trim().startsWith("[")
9739
9746
  ? Uint8Array.from(JSON.parse(secret))
9740
- : bs58$2.decode(secret.trim());
9747
+ : bs58.decode(secret.trim());
9741
9748
  return Keypair.fromSecretKey(secretKey);
9742
9749
  }
9743
9750
  catch (err) {
@@ -9773,7 +9780,7 @@ class ServerSessionManager {
9773
9780
  const nonce = await genAuthNonce();
9774
9781
  const message = await genSolanaMessage(address, nonce);
9775
9782
  /* sign the message */
9776
- const sigBytes = nacl$1.sign.detached(new TextEncoder().encode(message), kp.secretKey);
9783
+ const sigBytes = nacl.sign.detached(new TextEncoder().encode(message), kp.secretKey);
9777
9784
  const signature = bufferExports$1.Buffer.from(sigBytes).toString("base64");
9778
9785
  /* call auth API */
9779
9786
  const { accessToken, idToken, refreshToken, } = await createSessionWithSignature(address, message, signature);
@@ -11682,6 +11689,28 @@ class ReactNativeSessionManager {
11682
11689
  /* STORE */
11683
11690
  /* ------------------------------------------------------------------ */
11684
11691
  static async storeSession(address, accessToken, idToken, refreshToken) {
11692
+ // JWT-wallet binding: refuse to store a session whose idToken is bound
11693
+ // to a different wallet than `address`. Prevents races that would otherwise
11694
+ // leave storage with mismatched address/token state.
11695
+ try {
11696
+ const payloadB64 = idToken.split(".")[1];
11697
+ if (payloadB64) {
11698
+ const payload = JSON.parse(this.decodeBase64Url(payloadB64));
11699
+ const tokenWallet = payload["custom:walletAddress"];
11700
+ if (tokenWallet && tokenWallet !== address) {
11701
+ throw new Error(`[ReactNativeSessionManager] Refusing to store session: address (${address}) does not match idToken custom:walletAddress (${tokenWallet})`);
11702
+ }
11703
+ if (!tokenWallet) {
11704
+ console.warn("[ReactNativeSessionManager] storeSession: idToken has no custom:walletAddress claim — writing without validation");
11705
+ }
11706
+ }
11707
+ }
11708
+ catch (err) {
11709
+ if (typeof (err === null || err === void 0 ? void 0 : err.message) === "string" && err.message.includes("Refusing to store session")) {
11710
+ throw err;
11711
+ }
11712
+ console.warn("[ReactNativeSessionManager] storeSession: failed to decode idToken for validation:", err);
11713
+ }
11685
11714
  const config = await getConfig();
11686
11715
  const currentAppId = config.appId;
11687
11716
  this.getStorage().setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify({
@@ -14446,2411 +14475,6 @@ function requireBuffer () {
14446
14475
 
14447
14476
  var bufferExports = requireBuffer();
14448
14477
 
14449
- var naclFast = {exports: {}};
14450
-
14451
- var hasRequiredNaclFast;
14452
-
14453
- function requireNaclFast () {
14454
- if (hasRequiredNaclFast) return naclFast.exports;
14455
- hasRequiredNaclFast = 1;
14456
- (function (module) {
14457
- (function(nacl) {
14458
-
14459
- // Ported in 2014 by Dmitry Chestnykh and Devi Mandiri.
14460
- // Public domain.
14461
- //
14462
- // Implementation derived from TweetNaCl version 20140427.
14463
- // See for details: http://tweetnacl.cr.yp.to/
14464
-
14465
- var gf = function(init) {
14466
- var i, r = new Float64Array(16);
14467
- if (init) for (i = 0; i < init.length; i++) r[i] = init[i];
14468
- return r;
14469
- };
14470
-
14471
- // Pluggable, initialized in high-level API below.
14472
- var randombytes = function(/* x, n */) { throw new Error('no PRNG'); };
14473
-
14474
- var _0 = new Uint8Array(16);
14475
- var _9 = new Uint8Array(32); _9[0] = 9;
14476
-
14477
- var gf0 = gf(),
14478
- gf1 = gf([1]),
14479
- _121665 = gf([0xdb41, 1]),
14480
- D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]),
14481
- D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]),
14482
- X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]),
14483
- Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]),
14484
- I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]);
14485
-
14486
- function ts64(x, i, h, l) {
14487
- x[i] = (h >> 24) & 0xff;
14488
- x[i+1] = (h >> 16) & 0xff;
14489
- x[i+2] = (h >> 8) & 0xff;
14490
- x[i+3] = h & 0xff;
14491
- x[i+4] = (l >> 24) & 0xff;
14492
- x[i+5] = (l >> 16) & 0xff;
14493
- x[i+6] = (l >> 8) & 0xff;
14494
- x[i+7] = l & 0xff;
14495
- }
14496
-
14497
- function vn(x, xi, y, yi, n) {
14498
- var i,d = 0;
14499
- for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i];
14500
- return (1 & ((d - 1) >>> 8)) - 1;
14501
- }
14502
-
14503
- function crypto_verify_16(x, xi, y, yi) {
14504
- return vn(x,xi,y,yi,16);
14505
- }
14506
-
14507
- function crypto_verify_32(x, xi, y, yi) {
14508
- return vn(x,xi,y,yi,32);
14509
- }
14510
-
14511
- function core_salsa20(o, p, k, c) {
14512
- var j0 = c[ 0] & 0xff | (c[ 1] & 0xff)<<8 | (c[ 2] & 0xff)<<16 | (c[ 3] & 0xff)<<24,
14513
- j1 = k[ 0] & 0xff | (k[ 1] & 0xff)<<8 | (k[ 2] & 0xff)<<16 | (k[ 3] & 0xff)<<24,
14514
- j2 = k[ 4] & 0xff | (k[ 5] & 0xff)<<8 | (k[ 6] & 0xff)<<16 | (k[ 7] & 0xff)<<24,
14515
- j3 = k[ 8] & 0xff | (k[ 9] & 0xff)<<8 | (k[10] & 0xff)<<16 | (k[11] & 0xff)<<24,
14516
- j4 = k[12] & 0xff | (k[13] & 0xff)<<8 | (k[14] & 0xff)<<16 | (k[15] & 0xff)<<24,
14517
- j5 = c[ 4] & 0xff | (c[ 5] & 0xff)<<8 | (c[ 6] & 0xff)<<16 | (c[ 7] & 0xff)<<24,
14518
- j6 = p[ 0] & 0xff | (p[ 1] & 0xff)<<8 | (p[ 2] & 0xff)<<16 | (p[ 3] & 0xff)<<24,
14519
- j7 = p[ 4] & 0xff | (p[ 5] & 0xff)<<8 | (p[ 6] & 0xff)<<16 | (p[ 7] & 0xff)<<24,
14520
- j8 = p[ 8] & 0xff | (p[ 9] & 0xff)<<8 | (p[10] & 0xff)<<16 | (p[11] & 0xff)<<24,
14521
- j9 = p[12] & 0xff | (p[13] & 0xff)<<8 | (p[14] & 0xff)<<16 | (p[15] & 0xff)<<24,
14522
- j10 = c[ 8] & 0xff | (c[ 9] & 0xff)<<8 | (c[10] & 0xff)<<16 | (c[11] & 0xff)<<24,
14523
- j11 = k[16] & 0xff | (k[17] & 0xff)<<8 | (k[18] & 0xff)<<16 | (k[19] & 0xff)<<24,
14524
- j12 = k[20] & 0xff | (k[21] & 0xff)<<8 | (k[22] & 0xff)<<16 | (k[23] & 0xff)<<24,
14525
- j13 = k[24] & 0xff | (k[25] & 0xff)<<8 | (k[26] & 0xff)<<16 | (k[27] & 0xff)<<24,
14526
- j14 = k[28] & 0xff | (k[29] & 0xff)<<8 | (k[30] & 0xff)<<16 | (k[31] & 0xff)<<24,
14527
- j15 = c[12] & 0xff | (c[13] & 0xff)<<8 | (c[14] & 0xff)<<16 | (c[15] & 0xff)<<24;
14528
-
14529
- var x0 = j0, x1 = j1, x2 = j2, x3 = j3, x4 = j4, x5 = j5, x6 = j6, x7 = j7,
14530
- x8 = j8, x9 = j9, x10 = j10, x11 = j11, x12 = j12, x13 = j13, x14 = j14,
14531
- x15 = j15, u;
14532
-
14533
- for (var i = 0; i < 20; i += 2) {
14534
- u = x0 + x12 | 0;
14535
- x4 ^= u<<7 | u>>>(32-7);
14536
- u = x4 + x0 | 0;
14537
- x8 ^= u<<9 | u>>>(32-9);
14538
- u = x8 + x4 | 0;
14539
- x12 ^= u<<13 | u>>>(32-13);
14540
- u = x12 + x8 | 0;
14541
- x0 ^= u<<18 | u>>>(32-18);
14542
-
14543
- u = x5 + x1 | 0;
14544
- x9 ^= u<<7 | u>>>(32-7);
14545
- u = x9 + x5 | 0;
14546
- x13 ^= u<<9 | u>>>(32-9);
14547
- u = x13 + x9 | 0;
14548
- x1 ^= u<<13 | u>>>(32-13);
14549
- u = x1 + x13 | 0;
14550
- x5 ^= u<<18 | u>>>(32-18);
14551
-
14552
- u = x10 + x6 | 0;
14553
- x14 ^= u<<7 | u>>>(32-7);
14554
- u = x14 + x10 | 0;
14555
- x2 ^= u<<9 | u>>>(32-9);
14556
- u = x2 + x14 | 0;
14557
- x6 ^= u<<13 | u>>>(32-13);
14558
- u = x6 + x2 | 0;
14559
- x10 ^= u<<18 | u>>>(32-18);
14560
-
14561
- u = x15 + x11 | 0;
14562
- x3 ^= u<<7 | u>>>(32-7);
14563
- u = x3 + x15 | 0;
14564
- x7 ^= u<<9 | u>>>(32-9);
14565
- u = x7 + x3 | 0;
14566
- x11 ^= u<<13 | u>>>(32-13);
14567
- u = x11 + x7 | 0;
14568
- x15 ^= u<<18 | u>>>(32-18);
14569
-
14570
- u = x0 + x3 | 0;
14571
- x1 ^= u<<7 | u>>>(32-7);
14572
- u = x1 + x0 | 0;
14573
- x2 ^= u<<9 | u>>>(32-9);
14574
- u = x2 + x1 | 0;
14575
- x3 ^= u<<13 | u>>>(32-13);
14576
- u = x3 + x2 | 0;
14577
- x0 ^= u<<18 | u>>>(32-18);
14578
-
14579
- u = x5 + x4 | 0;
14580
- x6 ^= u<<7 | u>>>(32-7);
14581
- u = x6 + x5 | 0;
14582
- x7 ^= u<<9 | u>>>(32-9);
14583
- u = x7 + x6 | 0;
14584
- x4 ^= u<<13 | u>>>(32-13);
14585
- u = x4 + x7 | 0;
14586
- x5 ^= u<<18 | u>>>(32-18);
14587
-
14588
- u = x10 + x9 | 0;
14589
- x11 ^= u<<7 | u>>>(32-7);
14590
- u = x11 + x10 | 0;
14591
- x8 ^= u<<9 | u>>>(32-9);
14592
- u = x8 + x11 | 0;
14593
- x9 ^= u<<13 | u>>>(32-13);
14594
- u = x9 + x8 | 0;
14595
- x10 ^= u<<18 | u>>>(32-18);
14596
-
14597
- u = x15 + x14 | 0;
14598
- x12 ^= u<<7 | u>>>(32-7);
14599
- u = x12 + x15 | 0;
14600
- x13 ^= u<<9 | u>>>(32-9);
14601
- u = x13 + x12 | 0;
14602
- x14 ^= u<<13 | u>>>(32-13);
14603
- u = x14 + x13 | 0;
14604
- x15 ^= u<<18 | u>>>(32-18);
14605
- }
14606
- x0 = x0 + j0 | 0;
14607
- x1 = x1 + j1 | 0;
14608
- x2 = x2 + j2 | 0;
14609
- x3 = x3 + j3 | 0;
14610
- x4 = x4 + j4 | 0;
14611
- x5 = x5 + j5 | 0;
14612
- x6 = x6 + j6 | 0;
14613
- x7 = x7 + j7 | 0;
14614
- x8 = x8 + j8 | 0;
14615
- x9 = x9 + j9 | 0;
14616
- x10 = x10 + j10 | 0;
14617
- x11 = x11 + j11 | 0;
14618
- x12 = x12 + j12 | 0;
14619
- x13 = x13 + j13 | 0;
14620
- x14 = x14 + j14 | 0;
14621
- x15 = x15 + j15 | 0;
14622
-
14623
- o[ 0] = x0 >>> 0 & 0xff;
14624
- o[ 1] = x0 >>> 8 & 0xff;
14625
- o[ 2] = x0 >>> 16 & 0xff;
14626
- o[ 3] = x0 >>> 24 & 0xff;
14627
-
14628
- o[ 4] = x1 >>> 0 & 0xff;
14629
- o[ 5] = x1 >>> 8 & 0xff;
14630
- o[ 6] = x1 >>> 16 & 0xff;
14631
- o[ 7] = x1 >>> 24 & 0xff;
14632
-
14633
- o[ 8] = x2 >>> 0 & 0xff;
14634
- o[ 9] = x2 >>> 8 & 0xff;
14635
- o[10] = x2 >>> 16 & 0xff;
14636
- o[11] = x2 >>> 24 & 0xff;
14637
-
14638
- o[12] = x3 >>> 0 & 0xff;
14639
- o[13] = x3 >>> 8 & 0xff;
14640
- o[14] = x3 >>> 16 & 0xff;
14641
- o[15] = x3 >>> 24 & 0xff;
14642
-
14643
- o[16] = x4 >>> 0 & 0xff;
14644
- o[17] = x4 >>> 8 & 0xff;
14645
- o[18] = x4 >>> 16 & 0xff;
14646
- o[19] = x4 >>> 24 & 0xff;
14647
-
14648
- o[20] = x5 >>> 0 & 0xff;
14649
- o[21] = x5 >>> 8 & 0xff;
14650
- o[22] = x5 >>> 16 & 0xff;
14651
- o[23] = x5 >>> 24 & 0xff;
14652
-
14653
- o[24] = x6 >>> 0 & 0xff;
14654
- o[25] = x6 >>> 8 & 0xff;
14655
- o[26] = x6 >>> 16 & 0xff;
14656
- o[27] = x6 >>> 24 & 0xff;
14657
-
14658
- o[28] = x7 >>> 0 & 0xff;
14659
- o[29] = x7 >>> 8 & 0xff;
14660
- o[30] = x7 >>> 16 & 0xff;
14661
- o[31] = x7 >>> 24 & 0xff;
14662
-
14663
- o[32] = x8 >>> 0 & 0xff;
14664
- o[33] = x8 >>> 8 & 0xff;
14665
- o[34] = x8 >>> 16 & 0xff;
14666
- o[35] = x8 >>> 24 & 0xff;
14667
-
14668
- o[36] = x9 >>> 0 & 0xff;
14669
- o[37] = x9 >>> 8 & 0xff;
14670
- o[38] = x9 >>> 16 & 0xff;
14671
- o[39] = x9 >>> 24 & 0xff;
14672
-
14673
- o[40] = x10 >>> 0 & 0xff;
14674
- o[41] = x10 >>> 8 & 0xff;
14675
- o[42] = x10 >>> 16 & 0xff;
14676
- o[43] = x10 >>> 24 & 0xff;
14677
-
14678
- o[44] = x11 >>> 0 & 0xff;
14679
- o[45] = x11 >>> 8 & 0xff;
14680
- o[46] = x11 >>> 16 & 0xff;
14681
- o[47] = x11 >>> 24 & 0xff;
14682
-
14683
- o[48] = x12 >>> 0 & 0xff;
14684
- o[49] = x12 >>> 8 & 0xff;
14685
- o[50] = x12 >>> 16 & 0xff;
14686
- o[51] = x12 >>> 24 & 0xff;
14687
-
14688
- o[52] = x13 >>> 0 & 0xff;
14689
- o[53] = x13 >>> 8 & 0xff;
14690
- o[54] = x13 >>> 16 & 0xff;
14691
- o[55] = x13 >>> 24 & 0xff;
14692
-
14693
- o[56] = x14 >>> 0 & 0xff;
14694
- o[57] = x14 >>> 8 & 0xff;
14695
- o[58] = x14 >>> 16 & 0xff;
14696
- o[59] = x14 >>> 24 & 0xff;
14697
-
14698
- o[60] = x15 >>> 0 & 0xff;
14699
- o[61] = x15 >>> 8 & 0xff;
14700
- o[62] = x15 >>> 16 & 0xff;
14701
- o[63] = x15 >>> 24 & 0xff;
14702
- }
14703
-
14704
- function core_hsalsa20(o,p,k,c) {
14705
- var j0 = c[ 0] & 0xff | (c[ 1] & 0xff)<<8 | (c[ 2] & 0xff)<<16 | (c[ 3] & 0xff)<<24,
14706
- j1 = k[ 0] & 0xff | (k[ 1] & 0xff)<<8 | (k[ 2] & 0xff)<<16 | (k[ 3] & 0xff)<<24,
14707
- j2 = k[ 4] & 0xff | (k[ 5] & 0xff)<<8 | (k[ 6] & 0xff)<<16 | (k[ 7] & 0xff)<<24,
14708
- j3 = k[ 8] & 0xff | (k[ 9] & 0xff)<<8 | (k[10] & 0xff)<<16 | (k[11] & 0xff)<<24,
14709
- j4 = k[12] & 0xff | (k[13] & 0xff)<<8 | (k[14] & 0xff)<<16 | (k[15] & 0xff)<<24,
14710
- j5 = c[ 4] & 0xff | (c[ 5] & 0xff)<<8 | (c[ 6] & 0xff)<<16 | (c[ 7] & 0xff)<<24,
14711
- j6 = p[ 0] & 0xff | (p[ 1] & 0xff)<<8 | (p[ 2] & 0xff)<<16 | (p[ 3] & 0xff)<<24,
14712
- j7 = p[ 4] & 0xff | (p[ 5] & 0xff)<<8 | (p[ 6] & 0xff)<<16 | (p[ 7] & 0xff)<<24,
14713
- j8 = p[ 8] & 0xff | (p[ 9] & 0xff)<<8 | (p[10] & 0xff)<<16 | (p[11] & 0xff)<<24,
14714
- j9 = p[12] & 0xff | (p[13] & 0xff)<<8 | (p[14] & 0xff)<<16 | (p[15] & 0xff)<<24,
14715
- j10 = c[ 8] & 0xff | (c[ 9] & 0xff)<<8 | (c[10] & 0xff)<<16 | (c[11] & 0xff)<<24,
14716
- j11 = k[16] & 0xff | (k[17] & 0xff)<<8 | (k[18] & 0xff)<<16 | (k[19] & 0xff)<<24,
14717
- j12 = k[20] & 0xff | (k[21] & 0xff)<<8 | (k[22] & 0xff)<<16 | (k[23] & 0xff)<<24,
14718
- j13 = k[24] & 0xff | (k[25] & 0xff)<<8 | (k[26] & 0xff)<<16 | (k[27] & 0xff)<<24,
14719
- j14 = k[28] & 0xff | (k[29] & 0xff)<<8 | (k[30] & 0xff)<<16 | (k[31] & 0xff)<<24,
14720
- j15 = c[12] & 0xff | (c[13] & 0xff)<<8 | (c[14] & 0xff)<<16 | (c[15] & 0xff)<<24;
14721
-
14722
- var x0 = j0, x1 = j1, x2 = j2, x3 = j3, x4 = j4, x5 = j5, x6 = j6, x7 = j7,
14723
- x8 = j8, x9 = j9, x10 = j10, x11 = j11, x12 = j12, x13 = j13, x14 = j14,
14724
- x15 = j15, u;
14725
-
14726
- for (var i = 0; i < 20; i += 2) {
14727
- u = x0 + x12 | 0;
14728
- x4 ^= u<<7 | u>>>(32-7);
14729
- u = x4 + x0 | 0;
14730
- x8 ^= u<<9 | u>>>(32-9);
14731
- u = x8 + x4 | 0;
14732
- x12 ^= u<<13 | u>>>(32-13);
14733
- u = x12 + x8 | 0;
14734
- x0 ^= u<<18 | u>>>(32-18);
14735
-
14736
- u = x5 + x1 | 0;
14737
- x9 ^= u<<7 | u>>>(32-7);
14738
- u = x9 + x5 | 0;
14739
- x13 ^= u<<9 | u>>>(32-9);
14740
- u = x13 + x9 | 0;
14741
- x1 ^= u<<13 | u>>>(32-13);
14742
- u = x1 + x13 | 0;
14743
- x5 ^= u<<18 | u>>>(32-18);
14744
-
14745
- u = x10 + x6 | 0;
14746
- x14 ^= u<<7 | u>>>(32-7);
14747
- u = x14 + x10 | 0;
14748
- x2 ^= u<<9 | u>>>(32-9);
14749
- u = x2 + x14 | 0;
14750
- x6 ^= u<<13 | u>>>(32-13);
14751
- u = x6 + x2 | 0;
14752
- x10 ^= u<<18 | u>>>(32-18);
14753
-
14754
- u = x15 + x11 | 0;
14755
- x3 ^= u<<7 | u>>>(32-7);
14756
- u = x3 + x15 | 0;
14757
- x7 ^= u<<9 | u>>>(32-9);
14758
- u = x7 + x3 | 0;
14759
- x11 ^= u<<13 | u>>>(32-13);
14760
- u = x11 + x7 | 0;
14761
- x15 ^= u<<18 | u>>>(32-18);
14762
-
14763
- u = x0 + x3 | 0;
14764
- x1 ^= u<<7 | u>>>(32-7);
14765
- u = x1 + x0 | 0;
14766
- x2 ^= u<<9 | u>>>(32-9);
14767
- u = x2 + x1 | 0;
14768
- x3 ^= u<<13 | u>>>(32-13);
14769
- u = x3 + x2 | 0;
14770
- x0 ^= u<<18 | u>>>(32-18);
14771
-
14772
- u = x5 + x4 | 0;
14773
- x6 ^= u<<7 | u>>>(32-7);
14774
- u = x6 + x5 | 0;
14775
- x7 ^= u<<9 | u>>>(32-9);
14776
- u = x7 + x6 | 0;
14777
- x4 ^= u<<13 | u>>>(32-13);
14778
- u = x4 + x7 | 0;
14779
- x5 ^= u<<18 | u>>>(32-18);
14780
-
14781
- u = x10 + x9 | 0;
14782
- x11 ^= u<<7 | u>>>(32-7);
14783
- u = x11 + x10 | 0;
14784
- x8 ^= u<<9 | u>>>(32-9);
14785
- u = x8 + x11 | 0;
14786
- x9 ^= u<<13 | u>>>(32-13);
14787
- u = x9 + x8 | 0;
14788
- x10 ^= u<<18 | u>>>(32-18);
14789
-
14790
- u = x15 + x14 | 0;
14791
- x12 ^= u<<7 | u>>>(32-7);
14792
- u = x12 + x15 | 0;
14793
- x13 ^= u<<9 | u>>>(32-9);
14794
- u = x13 + x12 | 0;
14795
- x14 ^= u<<13 | u>>>(32-13);
14796
- u = x14 + x13 | 0;
14797
- x15 ^= u<<18 | u>>>(32-18);
14798
- }
14799
-
14800
- o[ 0] = x0 >>> 0 & 0xff;
14801
- o[ 1] = x0 >>> 8 & 0xff;
14802
- o[ 2] = x0 >>> 16 & 0xff;
14803
- o[ 3] = x0 >>> 24 & 0xff;
14804
-
14805
- o[ 4] = x5 >>> 0 & 0xff;
14806
- o[ 5] = x5 >>> 8 & 0xff;
14807
- o[ 6] = x5 >>> 16 & 0xff;
14808
- o[ 7] = x5 >>> 24 & 0xff;
14809
-
14810
- o[ 8] = x10 >>> 0 & 0xff;
14811
- o[ 9] = x10 >>> 8 & 0xff;
14812
- o[10] = x10 >>> 16 & 0xff;
14813
- o[11] = x10 >>> 24 & 0xff;
14814
-
14815
- o[12] = x15 >>> 0 & 0xff;
14816
- o[13] = x15 >>> 8 & 0xff;
14817
- o[14] = x15 >>> 16 & 0xff;
14818
- o[15] = x15 >>> 24 & 0xff;
14819
-
14820
- o[16] = x6 >>> 0 & 0xff;
14821
- o[17] = x6 >>> 8 & 0xff;
14822
- o[18] = x6 >>> 16 & 0xff;
14823
- o[19] = x6 >>> 24 & 0xff;
14824
-
14825
- o[20] = x7 >>> 0 & 0xff;
14826
- o[21] = x7 >>> 8 & 0xff;
14827
- o[22] = x7 >>> 16 & 0xff;
14828
- o[23] = x7 >>> 24 & 0xff;
14829
-
14830
- o[24] = x8 >>> 0 & 0xff;
14831
- o[25] = x8 >>> 8 & 0xff;
14832
- o[26] = x8 >>> 16 & 0xff;
14833
- o[27] = x8 >>> 24 & 0xff;
14834
-
14835
- o[28] = x9 >>> 0 & 0xff;
14836
- o[29] = x9 >>> 8 & 0xff;
14837
- o[30] = x9 >>> 16 & 0xff;
14838
- o[31] = x9 >>> 24 & 0xff;
14839
- }
14840
-
14841
- function crypto_core_salsa20(out,inp,k,c) {
14842
- core_salsa20(out,inp,k,c);
14843
- }
14844
-
14845
- function crypto_core_hsalsa20(out,inp,k,c) {
14846
- core_hsalsa20(out,inp,k,c);
14847
- }
14848
-
14849
- var sigma = new Uint8Array([101, 120, 112, 97, 110, 100, 32, 51, 50, 45, 98, 121, 116, 101, 32, 107]);
14850
- // "expand 32-byte k"
14851
-
14852
- function crypto_stream_salsa20_xor(c,cpos,m,mpos,b,n,k) {
14853
- var z = new Uint8Array(16), x = new Uint8Array(64);
14854
- var u, i;
14855
- for (i = 0; i < 16; i++) z[i] = 0;
14856
- for (i = 0; i < 8; i++) z[i] = n[i];
14857
- while (b >= 64) {
14858
- crypto_core_salsa20(x,z,k,sigma);
14859
- for (i = 0; i < 64; i++) c[cpos+i] = m[mpos+i] ^ x[i];
14860
- u = 1;
14861
- for (i = 8; i < 16; i++) {
14862
- u = u + (z[i] & 0xff) | 0;
14863
- z[i] = u & 0xff;
14864
- u >>>= 8;
14865
- }
14866
- b -= 64;
14867
- cpos += 64;
14868
- mpos += 64;
14869
- }
14870
- if (b > 0) {
14871
- crypto_core_salsa20(x,z,k,sigma);
14872
- for (i = 0; i < b; i++) c[cpos+i] = m[mpos+i] ^ x[i];
14873
- }
14874
- return 0;
14875
- }
14876
-
14877
- function crypto_stream_salsa20(c,cpos,b,n,k) {
14878
- var z = new Uint8Array(16), x = new Uint8Array(64);
14879
- var u, i;
14880
- for (i = 0; i < 16; i++) z[i] = 0;
14881
- for (i = 0; i < 8; i++) z[i] = n[i];
14882
- while (b >= 64) {
14883
- crypto_core_salsa20(x,z,k,sigma);
14884
- for (i = 0; i < 64; i++) c[cpos+i] = x[i];
14885
- u = 1;
14886
- for (i = 8; i < 16; i++) {
14887
- u = u + (z[i] & 0xff) | 0;
14888
- z[i] = u & 0xff;
14889
- u >>>= 8;
14890
- }
14891
- b -= 64;
14892
- cpos += 64;
14893
- }
14894
- if (b > 0) {
14895
- crypto_core_salsa20(x,z,k,sigma);
14896
- for (i = 0; i < b; i++) c[cpos+i] = x[i];
14897
- }
14898
- return 0;
14899
- }
14900
-
14901
- function crypto_stream(c,cpos,d,n,k) {
14902
- var s = new Uint8Array(32);
14903
- crypto_core_hsalsa20(s,n,k,sigma);
14904
- var sn = new Uint8Array(8);
14905
- for (var i = 0; i < 8; i++) sn[i] = n[i+16];
14906
- return crypto_stream_salsa20(c,cpos,d,sn,s);
14907
- }
14908
-
14909
- function crypto_stream_xor(c,cpos,m,mpos,d,n,k) {
14910
- var s = new Uint8Array(32);
14911
- crypto_core_hsalsa20(s,n,k,sigma);
14912
- var sn = new Uint8Array(8);
14913
- for (var i = 0; i < 8; i++) sn[i] = n[i+16];
14914
- return crypto_stream_salsa20_xor(c,cpos,m,mpos,d,sn,s);
14915
- }
14916
-
14917
- /*
14918
- * Port of Andrew Moon's Poly1305-donna-16. Public domain.
14919
- * https://github.com/floodyberry/poly1305-donna
14920
- */
14921
-
14922
- var poly1305 = function(key) {
14923
- this.buffer = new Uint8Array(16);
14924
- this.r = new Uint16Array(10);
14925
- this.h = new Uint16Array(10);
14926
- this.pad = new Uint16Array(8);
14927
- this.leftover = 0;
14928
- this.fin = 0;
14929
-
14930
- var t0, t1, t2, t3, t4, t5, t6, t7;
14931
-
14932
- t0 = key[ 0] & 0xff | (key[ 1] & 0xff) << 8; this.r[0] = ( t0 ) & 0x1fff;
14933
- t1 = key[ 2] & 0xff | (key[ 3] & 0xff) << 8; this.r[1] = ((t0 >>> 13) | (t1 << 3)) & 0x1fff;
14934
- t2 = key[ 4] & 0xff | (key[ 5] & 0xff) << 8; this.r[2] = ((t1 >>> 10) | (t2 << 6)) & 0x1f03;
14935
- t3 = key[ 6] & 0xff | (key[ 7] & 0xff) << 8; this.r[3] = ((t2 >>> 7) | (t3 << 9)) & 0x1fff;
14936
- t4 = key[ 8] & 0xff | (key[ 9] & 0xff) << 8; this.r[4] = ((t3 >>> 4) | (t4 << 12)) & 0x00ff;
14937
- this.r[5] = ((t4 >>> 1)) & 0x1ffe;
14938
- t5 = key[10] & 0xff | (key[11] & 0xff) << 8; this.r[6] = ((t4 >>> 14) | (t5 << 2)) & 0x1fff;
14939
- t6 = key[12] & 0xff | (key[13] & 0xff) << 8; this.r[7] = ((t5 >>> 11) | (t6 << 5)) & 0x1f81;
14940
- t7 = key[14] & 0xff | (key[15] & 0xff) << 8; this.r[8] = ((t6 >>> 8) | (t7 << 8)) & 0x1fff;
14941
- this.r[9] = ((t7 >>> 5)) & 0x007f;
14942
-
14943
- this.pad[0] = key[16] & 0xff | (key[17] & 0xff) << 8;
14944
- this.pad[1] = key[18] & 0xff | (key[19] & 0xff) << 8;
14945
- this.pad[2] = key[20] & 0xff | (key[21] & 0xff) << 8;
14946
- this.pad[3] = key[22] & 0xff | (key[23] & 0xff) << 8;
14947
- this.pad[4] = key[24] & 0xff | (key[25] & 0xff) << 8;
14948
- this.pad[5] = key[26] & 0xff | (key[27] & 0xff) << 8;
14949
- this.pad[6] = key[28] & 0xff | (key[29] & 0xff) << 8;
14950
- this.pad[7] = key[30] & 0xff | (key[31] & 0xff) << 8;
14951
- };
14952
-
14953
- poly1305.prototype.blocks = function(m, mpos, bytes) {
14954
- var hibit = this.fin ? 0 : (1 << 11);
14955
- var t0, t1, t2, t3, t4, t5, t6, t7, c;
14956
- var d0, d1, d2, d3, d4, d5, d6, d7, d8, d9;
14957
-
14958
- var h0 = this.h[0],
14959
- h1 = this.h[1],
14960
- h2 = this.h[2],
14961
- h3 = this.h[3],
14962
- h4 = this.h[4],
14963
- h5 = this.h[5],
14964
- h6 = this.h[6],
14965
- h7 = this.h[7],
14966
- h8 = this.h[8],
14967
- h9 = this.h[9];
14968
-
14969
- var r0 = this.r[0],
14970
- r1 = this.r[1],
14971
- r2 = this.r[2],
14972
- r3 = this.r[3],
14973
- r4 = this.r[4],
14974
- r5 = this.r[5],
14975
- r6 = this.r[6],
14976
- r7 = this.r[7],
14977
- r8 = this.r[8],
14978
- r9 = this.r[9];
14979
-
14980
- while (bytes >= 16) {
14981
- t0 = m[mpos+ 0] & 0xff | (m[mpos+ 1] & 0xff) << 8; h0 += ( t0 ) & 0x1fff;
14982
- t1 = m[mpos+ 2] & 0xff | (m[mpos+ 3] & 0xff) << 8; h1 += ((t0 >>> 13) | (t1 << 3)) & 0x1fff;
14983
- t2 = m[mpos+ 4] & 0xff | (m[mpos+ 5] & 0xff) << 8; h2 += ((t1 >>> 10) | (t2 << 6)) & 0x1fff;
14984
- t3 = m[mpos+ 6] & 0xff | (m[mpos+ 7] & 0xff) << 8; h3 += ((t2 >>> 7) | (t3 << 9)) & 0x1fff;
14985
- t4 = m[mpos+ 8] & 0xff | (m[mpos+ 9] & 0xff) << 8; h4 += ((t3 >>> 4) | (t4 << 12)) & 0x1fff;
14986
- h5 += ((t4 >>> 1)) & 0x1fff;
14987
- t5 = m[mpos+10] & 0xff | (m[mpos+11] & 0xff) << 8; h6 += ((t4 >>> 14) | (t5 << 2)) & 0x1fff;
14988
- t6 = m[mpos+12] & 0xff | (m[mpos+13] & 0xff) << 8; h7 += ((t5 >>> 11) | (t6 << 5)) & 0x1fff;
14989
- t7 = m[mpos+14] & 0xff | (m[mpos+15] & 0xff) << 8; h8 += ((t6 >>> 8) | (t7 << 8)) & 0x1fff;
14990
- h9 += ((t7 >>> 5)) | hibit;
14991
-
14992
- c = 0;
14993
-
14994
- d0 = c;
14995
- d0 += h0 * r0;
14996
- d0 += h1 * (5 * r9);
14997
- d0 += h2 * (5 * r8);
14998
- d0 += h3 * (5 * r7);
14999
- d0 += h4 * (5 * r6);
15000
- c = (d0 >>> 13); d0 &= 0x1fff;
15001
- d0 += h5 * (5 * r5);
15002
- d0 += h6 * (5 * r4);
15003
- d0 += h7 * (5 * r3);
15004
- d0 += h8 * (5 * r2);
15005
- d0 += h9 * (5 * r1);
15006
- c += (d0 >>> 13); d0 &= 0x1fff;
15007
-
15008
- d1 = c;
15009
- d1 += h0 * r1;
15010
- d1 += h1 * r0;
15011
- d1 += h2 * (5 * r9);
15012
- d1 += h3 * (5 * r8);
15013
- d1 += h4 * (5 * r7);
15014
- c = (d1 >>> 13); d1 &= 0x1fff;
15015
- d1 += h5 * (5 * r6);
15016
- d1 += h6 * (5 * r5);
15017
- d1 += h7 * (5 * r4);
15018
- d1 += h8 * (5 * r3);
15019
- d1 += h9 * (5 * r2);
15020
- c += (d1 >>> 13); d1 &= 0x1fff;
15021
-
15022
- d2 = c;
15023
- d2 += h0 * r2;
15024
- d2 += h1 * r1;
15025
- d2 += h2 * r0;
15026
- d2 += h3 * (5 * r9);
15027
- d2 += h4 * (5 * r8);
15028
- c = (d2 >>> 13); d2 &= 0x1fff;
15029
- d2 += h5 * (5 * r7);
15030
- d2 += h6 * (5 * r6);
15031
- d2 += h7 * (5 * r5);
15032
- d2 += h8 * (5 * r4);
15033
- d2 += h9 * (5 * r3);
15034
- c += (d2 >>> 13); d2 &= 0x1fff;
15035
-
15036
- d3 = c;
15037
- d3 += h0 * r3;
15038
- d3 += h1 * r2;
15039
- d3 += h2 * r1;
15040
- d3 += h3 * r0;
15041
- d3 += h4 * (5 * r9);
15042
- c = (d3 >>> 13); d3 &= 0x1fff;
15043
- d3 += h5 * (5 * r8);
15044
- d3 += h6 * (5 * r7);
15045
- d3 += h7 * (5 * r6);
15046
- d3 += h8 * (5 * r5);
15047
- d3 += h9 * (5 * r4);
15048
- c += (d3 >>> 13); d3 &= 0x1fff;
15049
-
15050
- d4 = c;
15051
- d4 += h0 * r4;
15052
- d4 += h1 * r3;
15053
- d4 += h2 * r2;
15054
- d4 += h3 * r1;
15055
- d4 += h4 * r0;
15056
- c = (d4 >>> 13); d4 &= 0x1fff;
15057
- d4 += h5 * (5 * r9);
15058
- d4 += h6 * (5 * r8);
15059
- d4 += h7 * (5 * r7);
15060
- d4 += h8 * (5 * r6);
15061
- d4 += h9 * (5 * r5);
15062
- c += (d4 >>> 13); d4 &= 0x1fff;
15063
-
15064
- d5 = c;
15065
- d5 += h0 * r5;
15066
- d5 += h1 * r4;
15067
- d5 += h2 * r3;
15068
- d5 += h3 * r2;
15069
- d5 += h4 * r1;
15070
- c = (d5 >>> 13); d5 &= 0x1fff;
15071
- d5 += h5 * r0;
15072
- d5 += h6 * (5 * r9);
15073
- d5 += h7 * (5 * r8);
15074
- d5 += h8 * (5 * r7);
15075
- d5 += h9 * (5 * r6);
15076
- c += (d5 >>> 13); d5 &= 0x1fff;
15077
-
15078
- d6 = c;
15079
- d6 += h0 * r6;
15080
- d6 += h1 * r5;
15081
- d6 += h2 * r4;
15082
- d6 += h3 * r3;
15083
- d6 += h4 * r2;
15084
- c = (d6 >>> 13); d6 &= 0x1fff;
15085
- d6 += h5 * r1;
15086
- d6 += h6 * r0;
15087
- d6 += h7 * (5 * r9);
15088
- d6 += h8 * (5 * r8);
15089
- d6 += h9 * (5 * r7);
15090
- c += (d6 >>> 13); d6 &= 0x1fff;
15091
-
15092
- d7 = c;
15093
- d7 += h0 * r7;
15094
- d7 += h1 * r6;
15095
- d7 += h2 * r5;
15096
- d7 += h3 * r4;
15097
- d7 += h4 * r3;
15098
- c = (d7 >>> 13); d7 &= 0x1fff;
15099
- d7 += h5 * r2;
15100
- d7 += h6 * r1;
15101
- d7 += h7 * r0;
15102
- d7 += h8 * (5 * r9);
15103
- d7 += h9 * (5 * r8);
15104
- c += (d7 >>> 13); d7 &= 0x1fff;
15105
-
15106
- d8 = c;
15107
- d8 += h0 * r8;
15108
- d8 += h1 * r7;
15109
- d8 += h2 * r6;
15110
- d8 += h3 * r5;
15111
- d8 += h4 * r4;
15112
- c = (d8 >>> 13); d8 &= 0x1fff;
15113
- d8 += h5 * r3;
15114
- d8 += h6 * r2;
15115
- d8 += h7 * r1;
15116
- d8 += h8 * r0;
15117
- d8 += h9 * (5 * r9);
15118
- c += (d8 >>> 13); d8 &= 0x1fff;
15119
-
15120
- d9 = c;
15121
- d9 += h0 * r9;
15122
- d9 += h1 * r8;
15123
- d9 += h2 * r7;
15124
- d9 += h3 * r6;
15125
- d9 += h4 * r5;
15126
- c = (d9 >>> 13); d9 &= 0x1fff;
15127
- d9 += h5 * r4;
15128
- d9 += h6 * r3;
15129
- d9 += h7 * r2;
15130
- d9 += h8 * r1;
15131
- d9 += h9 * r0;
15132
- c += (d9 >>> 13); d9 &= 0x1fff;
15133
-
15134
- c = (((c << 2) + c)) | 0;
15135
- c = (c + d0) | 0;
15136
- d0 = c & 0x1fff;
15137
- c = (c >>> 13);
15138
- d1 += c;
15139
-
15140
- h0 = d0;
15141
- h1 = d1;
15142
- h2 = d2;
15143
- h3 = d3;
15144
- h4 = d4;
15145
- h5 = d5;
15146
- h6 = d6;
15147
- h7 = d7;
15148
- h8 = d8;
15149
- h9 = d9;
15150
-
15151
- mpos += 16;
15152
- bytes -= 16;
15153
- }
15154
- this.h[0] = h0;
15155
- this.h[1] = h1;
15156
- this.h[2] = h2;
15157
- this.h[3] = h3;
15158
- this.h[4] = h4;
15159
- this.h[5] = h5;
15160
- this.h[6] = h6;
15161
- this.h[7] = h7;
15162
- this.h[8] = h8;
15163
- this.h[9] = h9;
15164
- };
15165
-
15166
- poly1305.prototype.finish = function(mac, macpos) {
15167
- var g = new Uint16Array(10);
15168
- var c, mask, f, i;
15169
-
15170
- if (this.leftover) {
15171
- i = this.leftover;
15172
- this.buffer[i++] = 1;
15173
- for (; i < 16; i++) this.buffer[i] = 0;
15174
- this.fin = 1;
15175
- this.blocks(this.buffer, 0, 16);
15176
- }
15177
-
15178
- c = this.h[1] >>> 13;
15179
- this.h[1] &= 0x1fff;
15180
- for (i = 2; i < 10; i++) {
15181
- this.h[i] += c;
15182
- c = this.h[i] >>> 13;
15183
- this.h[i] &= 0x1fff;
15184
- }
15185
- this.h[0] += (c * 5);
15186
- c = this.h[0] >>> 13;
15187
- this.h[0] &= 0x1fff;
15188
- this.h[1] += c;
15189
- c = this.h[1] >>> 13;
15190
- this.h[1] &= 0x1fff;
15191
- this.h[2] += c;
15192
-
15193
- g[0] = this.h[0] + 5;
15194
- c = g[0] >>> 13;
15195
- g[0] &= 0x1fff;
15196
- for (i = 1; i < 10; i++) {
15197
- g[i] = this.h[i] + c;
15198
- c = g[i] >>> 13;
15199
- g[i] &= 0x1fff;
15200
- }
15201
- g[9] -= (1 << 13);
15202
-
15203
- mask = (c ^ 1) - 1;
15204
- for (i = 0; i < 10; i++) g[i] &= mask;
15205
- mask = ~mask;
15206
- for (i = 0; i < 10; i++) this.h[i] = (this.h[i] & mask) | g[i];
15207
-
15208
- this.h[0] = ((this.h[0] ) | (this.h[1] << 13) ) & 0xffff;
15209
- this.h[1] = ((this.h[1] >>> 3) | (this.h[2] << 10) ) & 0xffff;
15210
- this.h[2] = ((this.h[2] >>> 6) | (this.h[3] << 7) ) & 0xffff;
15211
- this.h[3] = ((this.h[3] >>> 9) | (this.h[4] << 4) ) & 0xffff;
15212
- this.h[4] = ((this.h[4] >>> 12) | (this.h[5] << 1) | (this.h[6] << 14)) & 0xffff;
15213
- this.h[5] = ((this.h[6] >>> 2) | (this.h[7] << 11) ) & 0xffff;
15214
- this.h[6] = ((this.h[7] >>> 5) | (this.h[8] << 8) ) & 0xffff;
15215
- this.h[7] = ((this.h[8] >>> 8) | (this.h[9] << 5) ) & 0xffff;
15216
-
15217
- f = this.h[0] + this.pad[0];
15218
- this.h[0] = f & 0xffff;
15219
- for (i = 1; i < 8; i++) {
15220
- f = (((this.h[i] + this.pad[i]) | 0) + (f >>> 16)) | 0;
15221
- this.h[i] = f & 0xffff;
15222
- }
15223
-
15224
- mac[macpos+ 0] = (this.h[0] >>> 0) & 0xff;
15225
- mac[macpos+ 1] = (this.h[0] >>> 8) & 0xff;
15226
- mac[macpos+ 2] = (this.h[1] >>> 0) & 0xff;
15227
- mac[macpos+ 3] = (this.h[1] >>> 8) & 0xff;
15228
- mac[macpos+ 4] = (this.h[2] >>> 0) & 0xff;
15229
- mac[macpos+ 5] = (this.h[2] >>> 8) & 0xff;
15230
- mac[macpos+ 6] = (this.h[3] >>> 0) & 0xff;
15231
- mac[macpos+ 7] = (this.h[3] >>> 8) & 0xff;
15232
- mac[macpos+ 8] = (this.h[4] >>> 0) & 0xff;
15233
- mac[macpos+ 9] = (this.h[4] >>> 8) & 0xff;
15234
- mac[macpos+10] = (this.h[5] >>> 0) & 0xff;
15235
- mac[macpos+11] = (this.h[5] >>> 8) & 0xff;
15236
- mac[macpos+12] = (this.h[6] >>> 0) & 0xff;
15237
- mac[macpos+13] = (this.h[6] >>> 8) & 0xff;
15238
- mac[macpos+14] = (this.h[7] >>> 0) & 0xff;
15239
- mac[macpos+15] = (this.h[7] >>> 8) & 0xff;
15240
- };
15241
-
15242
- poly1305.prototype.update = function(m, mpos, bytes) {
15243
- var i, want;
15244
-
15245
- if (this.leftover) {
15246
- want = (16 - this.leftover);
15247
- if (want > bytes)
15248
- want = bytes;
15249
- for (i = 0; i < want; i++)
15250
- this.buffer[this.leftover + i] = m[mpos+i];
15251
- bytes -= want;
15252
- mpos += want;
15253
- this.leftover += want;
15254
- if (this.leftover < 16)
15255
- return;
15256
- this.blocks(this.buffer, 0, 16);
15257
- this.leftover = 0;
15258
- }
15259
-
15260
- if (bytes >= 16) {
15261
- want = bytes - (bytes % 16);
15262
- this.blocks(m, mpos, want);
15263
- mpos += want;
15264
- bytes -= want;
15265
- }
15266
-
15267
- if (bytes) {
15268
- for (i = 0; i < bytes; i++)
15269
- this.buffer[this.leftover + i] = m[mpos+i];
15270
- this.leftover += bytes;
15271
- }
15272
- };
15273
-
15274
- function crypto_onetimeauth(out, outpos, m, mpos, n, k) {
15275
- var s = new poly1305(k);
15276
- s.update(m, mpos, n);
15277
- s.finish(out, outpos);
15278
- return 0;
15279
- }
15280
-
15281
- function crypto_onetimeauth_verify(h, hpos, m, mpos, n, k) {
15282
- var x = new Uint8Array(16);
15283
- crypto_onetimeauth(x,0,m,mpos,n,k);
15284
- return crypto_verify_16(h,hpos,x,0);
15285
- }
15286
-
15287
- function crypto_secretbox(c,m,d,n,k) {
15288
- var i;
15289
- if (d < 32) return -1;
15290
- crypto_stream_xor(c,0,m,0,d,n,k);
15291
- crypto_onetimeauth(c, 16, c, 32, d - 32, c);
15292
- for (i = 0; i < 16; i++) c[i] = 0;
15293
- return 0;
15294
- }
15295
-
15296
- function crypto_secretbox_open(m,c,d,n,k) {
15297
- var i;
15298
- var x = new Uint8Array(32);
15299
- if (d < 32) return -1;
15300
- crypto_stream(x,0,32,n,k);
15301
- if (crypto_onetimeauth_verify(c, 16,c, 32,d - 32,x) !== 0) return -1;
15302
- crypto_stream_xor(m,0,c,0,d,n,k);
15303
- for (i = 0; i < 32; i++) m[i] = 0;
15304
- return 0;
15305
- }
15306
-
15307
- function set25519(r, a) {
15308
- var i;
15309
- for (i = 0; i < 16; i++) r[i] = a[i]|0;
15310
- }
15311
-
15312
- function car25519(o) {
15313
- var i, v, c = 1;
15314
- for (i = 0; i < 16; i++) {
15315
- v = o[i] + c + 65535;
15316
- c = Math.floor(v / 65536);
15317
- o[i] = v - c * 65536;
15318
- }
15319
- o[0] += c-1 + 37 * (c-1);
15320
- }
15321
-
15322
- function sel25519(p, q, b) {
15323
- var t, c = ~(b-1);
15324
- for (var i = 0; i < 16; i++) {
15325
- t = c & (p[i] ^ q[i]);
15326
- p[i] ^= t;
15327
- q[i] ^= t;
15328
- }
15329
- }
15330
-
15331
- function pack25519(o, n) {
15332
- var i, j, b;
15333
- var m = gf(), t = gf();
15334
- for (i = 0; i < 16; i++) t[i] = n[i];
15335
- car25519(t);
15336
- car25519(t);
15337
- car25519(t);
15338
- for (j = 0; j < 2; j++) {
15339
- m[0] = t[0] - 0xffed;
15340
- for (i = 1; i < 15; i++) {
15341
- m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1);
15342
- m[i-1] &= 0xffff;
15343
- }
15344
- m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1);
15345
- b = (m[15]>>16) & 1;
15346
- m[14] &= 0xffff;
15347
- sel25519(t, m, 1-b);
15348
- }
15349
- for (i = 0; i < 16; i++) {
15350
- o[2*i] = t[i] & 0xff;
15351
- o[2*i+1] = t[i]>>8;
15352
- }
15353
- }
15354
-
15355
- function neq25519(a, b) {
15356
- var c = new Uint8Array(32), d = new Uint8Array(32);
15357
- pack25519(c, a);
15358
- pack25519(d, b);
15359
- return crypto_verify_32(c, 0, d, 0);
15360
- }
15361
-
15362
- function par25519(a) {
15363
- var d = new Uint8Array(32);
15364
- pack25519(d, a);
15365
- return d[0] & 1;
15366
- }
15367
-
15368
- function unpack25519(o, n) {
15369
- var i;
15370
- for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8);
15371
- o[15] &= 0x7fff;
15372
- }
15373
-
15374
- function A(o, a, b) {
15375
- for (var i = 0; i < 16; i++) o[i] = a[i] + b[i];
15376
- }
15377
-
15378
- function Z(o, a, b) {
15379
- for (var i = 0; i < 16; i++) o[i] = a[i] - b[i];
15380
- }
15381
-
15382
- function M(o, a, b) {
15383
- var v, c,
15384
- t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0,
15385
- t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0,
15386
- t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0,
15387
- t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0,
15388
- b0 = b[0],
15389
- b1 = b[1],
15390
- b2 = b[2],
15391
- b3 = b[3],
15392
- b4 = b[4],
15393
- b5 = b[5],
15394
- b6 = b[6],
15395
- b7 = b[7],
15396
- b8 = b[8],
15397
- b9 = b[9],
15398
- b10 = b[10],
15399
- b11 = b[11],
15400
- b12 = b[12],
15401
- b13 = b[13],
15402
- b14 = b[14],
15403
- b15 = b[15];
15404
-
15405
- v = a[0];
15406
- t0 += v * b0;
15407
- t1 += v * b1;
15408
- t2 += v * b2;
15409
- t3 += v * b3;
15410
- t4 += v * b4;
15411
- t5 += v * b5;
15412
- t6 += v * b6;
15413
- t7 += v * b7;
15414
- t8 += v * b8;
15415
- t9 += v * b9;
15416
- t10 += v * b10;
15417
- t11 += v * b11;
15418
- t12 += v * b12;
15419
- t13 += v * b13;
15420
- t14 += v * b14;
15421
- t15 += v * b15;
15422
- v = a[1];
15423
- t1 += v * b0;
15424
- t2 += v * b1;
15425
- t3 += v * b2;
15426
- t4 += v * b3;
15427
- t5 += v * b4;
15428
- t6 += v * b5;
15429
- t7 += v * b6;
15430
- t8 += v * b7;
15431
- t9 += v * b8;
15432
- t10 += v * b9;
15433
- t11 += v * b10;
15434
- t12 += v * b11;
15435
- t13 += v * b12;
15436
- t14 += v * b13;
15437
- t15 += v * b14;
15438
- t16 += v * b15;
15439
- v = a[2];
15440
- t2 += v * b0;
15441
- t3 += v * b1;
15442
- t4 += v * b2;
15443
- t5 += v * b3;
15444
- t6 += v * b4;
15445
- t7 += v * b5;
15446
- t8 += v * b6;
15447
- t9 += v * b7;
15448
- t10 += v * b8;
15449
- t11 += v * b9;
15450
- t12 += v * b10;
15451
- t13 += v * b11;
15452
- t14 += v * b12;
15453
- t15 += v * b13;
15454
- t16 += v * b14;
15455
- t17 += v * b15;
15456
- v = a[3];
15457
- t3 += v * b0;
15458
- t4 += v * b1;
15459
- t5 += v * b2;
15460
- t6 += v * b3;
15461
- t7 += v * b4;
15462
- t8 += v * b5;
15463
- t9 += v * b6;
15464
- t10 += v * b7;
15465
- t11 += v * b8;
15466
- t12 += v * b9;
15467
- t13 += v * b10;
15468
- t14 += v * b11;
15469
- t15 += v * b12;
15470
- t16 += v * b13;
15471
- t17 += v * b14;
15472
- t18 += v * b15;
15473
- v = a[4];
15474
- t4 += v * b0;
15475
- t5 += v * b1;
15476
- t6 += v * b2;
15477
- t7 += v * b3;
15478
- t8 += v * b4;
15479
- t9 += v * b5;
15480
- t10 += v * b6;
15481
- t11 += v * b7;
15482
- t12 += v * b8;
15483
- t13 += v * b9;
15484
- t14 += v * b10;
15485
- t15 += v * b11;
15486
- t16 += v * b12;
15487
- t17 += v * b13;
15488
- t18 += v * b14;
15489
- t19 += v * b15;
15490
- v = a[5];
15491
- t5 += v * b0;
15492
- t6 += v * b1;
15493
- t7 += v * b2;
15494
- t8 += v * b3;
15495
- t9 += v * b4;
15496
- t10 += v * b5;
15497
- t11 += v * b6;
15498
- t12 += v * b7;
15499
- t13 += v * b8;
15500
- t14 += v * b9;
15501
- t15 += v * b10;
15502
- t16 += v * b11;
15503
- t17 += v * b12;
15504
- t18 += v * b13;
15505
- t19 += v * b14;
15506
- t20 += v * b15;
15507
- v = a[6];
15508
- t6 += v * b0;
15509
- t7 += v * b1;
15510
- t8 += v * b2;
15511
- t9 += v * b3;
15512
- t10 += v * b4;
15513
- t11 += v * b5;
15514
- t12 += v * b6;
15515
- t13 += v * b7;
15516
- t14 += v * b8;
15517
- t15 += v * b9;
15518
- t16 += v * b10;
15519
- t17 += v * b11;
15520
- t18 += v * b12;
15521
- t19 += v * b13;
15522
- t20 += v * b14;
15523
- t21 += v * b15;
15524
- v = a[7];
15525
- t7 += v * b0;
15526
- t8 += v * b1;
15527
- t9 += v * b2;
15528
- t10 += v * b3;
15529
- t11 += v * b4;
15530
- t12 += v * b5;
15531
- t13 += v * b6;
15532
- t14 += v * b7;
15533
- t15 += v * b8;
15534
- t16 += v * b9;
15535
- t17 += v * b10;
15536
- t18 += v * b11;
15537
- t19 += v * b12;
15538
- t20 += v * b13;
15539
- t21 += v * b14;
15540
- t22 += v * b15;
15541
- v = a[8];
15542
- t8 += v * b0;
15543
- t9 += v * b1;
15544
- t10 += v * b2;
15545
- t11 += v * b3;
15546
- t12 += v * b4;
15547
- t13 += v * b5;
15548
- t14 += v * b6;
15549
- t15 += v * b7;
15550
- t16 += v * b8;
15551
- t17 += v * b9;
15552
- t18 += v * b10;
15553
- t19 += v * b11;
15554
- t20 += v * b12;
15555
- t21 += v * b13;
15556
- t22 += v * b14;
15557
- t23 += v * b15;
15558
- v = a[9];
15559
- t9 += v * b0;
15560
- t10 += v * b1;
15561
- t11 += v * b2;
15562
- t12 += v * b3;
15563
- t13 += v * b4;
15564
- t14 += v * b5;
15565
- t15 += v * b6;
15566
- t16 += v * b7;
15567
- t17 += v * b8;
15568
- t18 += v * b9;
15569
- t19 += v * b10;
15570
- t20 += v * b11;
15571
- t21 += v * b12;
15572
- t22 += v * b13;
15573
- t23 += v * b14;
15574
- t24 += v * b15;
15575
- v = a[10];
15576
- t10 += v * b0;
15577
- t11 += v * b1;
15578
- t12 += v * b2;
15579
- t13 += v * b3;
15580
- t14 += v * b4;
15581
- t15 += v * b5;
15582
- t16 += v * b6;
15583
- t17 += v * b7;
15584
- t18 += v * b8;
15585
- t19 += v * b9;
15586
- t20 += v * b10;
15587
- t21 += v * b11;
15588
- t22 += v * b12;
15589
- t23 += v * b13;
15590
- t24 += v * b14;
15591
- t25 += v * b15;
15592
- v = a[11];
15593
- t11 += v * b0;
15594
- t12 += v * b1;
15595
- t13 += v * b2;
15596
- t14 += v * b3;
15597
- t15 += v * b4;
15598
- t16 += v * b5;
15599
- t17 += v * b6;
15600
- t18 += v * b7;
15601
- t19 += v * b8;
15602
- t20 += v * b9;
15603
- t21 += v * b10;
15604
- t22 += v * b11;
15605
- t23 += v * b12;
15606
- t24 += v * b13;
15607
- t25 += v * b14;
15608
- t26 += v * b15;
15609
- v = a[12];
15610
- t12 += v * b0;
15611
- t13 += v * b1;
15612
- t14 += v * b2;
15613
- t15 += v * b3;
15614
- t16 += v * b4;
15615
- t17 += v * b5;
15616
- t18 += v * b6;
15617
- t19 += v * b7;
15618
- t20 += v * b8;
15619
- t21 += v * b9;
15620
- t22 += v * b10;
15621
- t23 += v * b11;
15622
- t24 += v * b12;
15623
- t25 += v * b13;
15624
- t26 += v * b14;
15625
- t27 += v * b15;
15626
- v = a[13];
15627
- t13 += v * b0;
15628
- t14 += v * b1;
15629
- t15 += v * b2;
15630
- t16 += v * b3;
15631
- t17 += v * b4;
15632
- t18 += v * b5;
15633
- t19 += v * b6;
15634
- t20 += v * b7;
15635
- t21 += v * b8;
15636
- t22 += v * b9;
15637
- t23 += v * b10;
15638
- t24 += v * b11;
15639
- t25 += v * b12;
15640
- t26 += v * b13;
15641
- t27 += v * b14;
15642
- t28 += v * b15;
15643
- v = a[14];
15644
- t14 += v * b0;
15645
- t15 += v * b1;
15646
- t16 += v * b2;
15647
- t17 += v * b3;
15648
- t18 += v * b4;
15649
- t19 += v * b5;
15650
- t20 += v * b6;
15651
- t21 += v * b7;
15652
- t22 += v * b8;
15653
- t23 += v * b9;
15654
- t24 += v * b10;
15655
- t25 += v * b11;
15656
- t26 += v * b12;
15657
- t27 += v * b13;
15658
- t28 += v * b14;
15659
- t29 += v * b15;
15660
- v = a[15];
15661
- t15 += v * b0;
15662
- t16 += v * b1;
15663
- t17 += v * b2;
15664
- t18 += v * b3;
15665
- t19 += v * b4;
15666
- t20 += v * b5;
15667
- t21 += v * b6;
15668
- t22 += v * b7;
15669
- t23 += v * b8;
15670
- t24 += v * b9;
15671
- t25 += v * b10;
15672
- t26 += v * b11;
15673
- t27 += v * b12;
15674
- t28 += v * b13;
15675
- t29 += v * b14;
15676
- t30 += v * b15;
15677
-
15678
- t0 += 38 * t16;
15679
- t1 += 38 * t17;
15680
- t2 += 38 * t18;
15681
- t3 += 38 * t19;
15682
- t4 += 38 * t20;
15683
- t5 += 38 * t21;
15684
- t6 += 38 * t22;
15685
- t7 += 38 * t23;
15686
- t8 += 38 * t24;
15687
- t9 += 38 * t25;
15688
- t10 += 38 * t26;
15689
- t11 += 38 * t27;
15690
- t12 += 38 * t28;
15691
- t13 += 38 * t29;
15692
- t14 += 38 * t30;
15693
- // t15 left as is
15694
-
15695
- // first car
15696
- c = 1;
15697
- v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;
15698
- v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;
15699
- v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;
15700
- v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;
15701
- v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;
15702
- v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;
15703
- v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;
15704
- v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;
15705
- v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;
15706
- v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;
15707
- v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;
15708
- v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;
15709
- v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;
15710
- v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;
15711
- v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;
15712
- v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;
15713
- t0 += c-1 + 37 * (c-1);
15714
-
15715
- // second car
15716
- c = 1;
15717
- v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;
15718
- v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;
15719
- v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;
15720
- v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;
15721
- v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;
15722
- v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;
15723
- v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;
15724
- v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;
15725
- v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;
15726
- v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;
15727
- v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;
15728
- v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;
15729
- v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;
15730
- v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;
15731
- v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;
15732
- v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;
15733
- t0 += c-1 + 37 * (c-1);
15734
-
15735
- o[ 0] = t0;
15736
- o[ 1] = t1;
15737
- o[ 2] = t2;
15738
- o[ 3] = t3;
15739
- o[ 4] = t4;
15740
- o[ 5] = t5;
15741
- o[ 6] = t6;
15742
- o[ 7] = t7;
15743
- o[ 8] = t8;
15744
- o[ 9] = t9;
15745
- o[10] = t10;
15746
- o[11] = t11;
15747
- o[12] = t12;
15748
- o[13] = t13;
15749
- o[14] = t14;
15750
- o[15] = t15;
15751
- }
15752
-
15753
- function S(o, a) {
15754
- M(o, a, a);
15755
- }
15756
-
15757
- function inv25519(o, i) {
15758
- var c = gf();
15759
- var a;
15760
- for (a = 0; a < 16; a++) c[a] = i[a];
15761
- for (a = 253; a >= 0; a--) {
15762
- S(c, c);
15763
- if(a !== 2 && a !== 4) M(c, c, i);
15764
- }
15765
- for (a = 0; a < 16; a++) o[a] = c[a];
15766
- }
15767
-
15768
- function pow2523(o, i) {
15769
- var c = gf();
15770
- var a;
15771
- for (a = 0; a < 16; a++) c[a] = i[a];
15772
- for (a = 250; a >= 0; a--) {
15773
- S(c, c);
15774
- if(a !== 1) M(c, c, i);
15775
- }
15776
- for (a = 0; a < 16; a++) o[a] = c[a];
15777
- }
15778
-
15779
- function crypto_scalarmult(q, n, p) {
15780
- var z = new Uint8Array(32);
15781
- var x = new Float64Array(80), r, i;
15782
- var a = gf(), b = gf(), c = gf(),
15783
- d = gf(), e = gf(), f = gf();
15784
- for (i = 0; i < 31; i++) z[i] = n[i];
15785
- z[31]=(n[31]&127)|64;
15786
- z[0]&=248;
15787
- unpack25519(x,p);
15788
- for (i = 0; i < 16; i++) {
15789
- b[i]=x[i];
15790
- d[i]=a[i]=c[i]=0;
15791
- }
15792
- a[0]=d[0]=1;
15793
- for (i=254; i>=0; --i) {
15794
- r=(z[i>>>3]>>>(i&7))&1;
15795
- sel25519(a,b,r);
15796
- sel25519(c,d,r);
15797
- A(e,a,c);
15798
- Z(a,a,c);
15799
- A(c,b,d);
15800
- Z(b,b,d);
15801
- S(d,e);
15802
- S(f,a);
15803
- M(a,c,a);
15804
- M(c,b,e);
15805
- A(e,a,c);
15806
- Z(a,a,c);
15807
- S(b,a);
15808
- Z(c,d,f);
15809
- M(a,c,_121665);
15810
- A(a,a,d);
15811
- M(c,c,a);
15812
- M(a,d,f);
15813
- M(d,b,x);
15814
- S(b,e);
15815
- sel25519(a,b,r);
15816
- sel25519(c,d,r);
15817
- }
15818
- for (i = 0; i < 16; i++) {
15819
- x[i+16]=a[i];
15820
- x[i+32]=c[i];
15821
- x[i+48]=b[i];
15822
- x[i+64]=d[i];
15823
- }
15824
- var x32 = x.subarray(32);
15825
- var x16 = x.subarray(16);
15826
- inv25519(x32,x32);
15827
- M(x16,x16,x32);
15828
- pack25519(q,x16);
15829
- return 0;
15830
- }
15831
-
15832
- function crypto_scalarmult_base(q, n) {
15833
- return crypto_scalarmult(q, n, _9);
15834
- }
15835
-
15836
- function crypto_box_keypair(y, x) {
15837
- randombytes(x, 32);
15838
- return crypto_scalarmult_base(y, x);
15839
- }
15840
-
15841
- function crypto_box_beforenm(k, y, x) {
15842
- var s = new Uint8Array(32);
15843
- crypto_scalarmult(s, x, y);
15844
- return crypto_core_hsalsa20(k, _0, s, sigma);
15845
- }
15846
-
15847
- var crypto_box_afternm = crypto_secretbox;
15848
- var crypto_box_open_afternm = crypto_secretbox_open;
15849
-
15850
- function crypto_box(c, m, d, n, y, x) {
15851
- var k = new Uint8Array(32);
15852
- crypto_box_beforenm(k, y, x);
15853
- return crypto_box_afternm(c, m, d, n, k);
15854
- }
15855
-
15856
- function crypto_box_open(m, c, d, n, y, x) {
15857
- var k = new Uint8Array(32);
15858
- crypto_box_beforenm(k, y, x);
15859
- return crypto_box_open_afternm(m, c, d, n, k);
15860
- }
15861
-
15862
- var K = [
15863
- 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd,
15864
- 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc,
15865
- 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019,
15866
- 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118,
15867
- 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe,
15868
- 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2,
15869
- 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1,
15870
- 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694,
15871
- 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3,
15872
- 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65,
15873
- 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483,
15874
- 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5,
15875
- 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210,
15876
- 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4,
15877
- 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725,
15878
- 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70,
15879
- 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926,
15880
- 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df,
15881
- 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8,
15882
- 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b,
15883
- 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001,
15884
- 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30,
15885
- 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910,
15886
- 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8,
15887
- 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53,
15888
- 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8,
15889
- 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb,
15890
- 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3,
15891
- 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60,
15892
- 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec,
15893
- 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9,
15894
- 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b,
15895
- 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207,
15896
- 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178,
15897
- 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6,
15898
- 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b,
15899
- 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493,
15900
- 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c,
15901
- 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a,
15902
- 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817
15903
- ];
15904
-
15905
- function crypto_hashblocks_hl(hh, hl, m, n) {
15906
- var wh = new Int32Array(16), wl = new Int32Array(16),
15907
- bh0, bh1, bh2, bh3, bh4, bh5, bh6, bh7,
15908
- bl0, bl1, bl2, bl3, bl4, bl5, bl6, bl7,
15909
- th, tl, i, j, h, l, a, b, c, d;
15910
-
15911
- var ah0 = hh[0],
15912
- ah1 = hh[1],
15913
- ah2 = hh[2],
15914
- ah3 = hh[3],
15915
- ah4 = hh[4],
15916
- ah5 = hh[5],
15917
- ah6 = hh[6],
15918
- ah7 = hh[7],
15919
-
15920
- al0 = hl[0],
15921
- al1 = hl[1],
15922
- al2 = hl[2],
15923
- al3 = hl[3],
15924
- al4 = hl[4],
15925
- al5 = hl[5],
15926
- al6 = hl[6],
15927
- al7 = hl[7];
15928
-
15929
- var pos = 0;
15930
- while (n >= 128) {
15931
- for (i = 0; i < 16; i++) {
15932
- j = 8 * i + pos;
15933
- wh[i] = (m[j+0] << 24) | (m[j+1] << 16) | (m[j+2] << 8) | m[j+3];
15934
- wl[i] = (m[j+4] << 24) | (m[j+5] << 16) | (m[j+6] << 8) | m[j+7];
15935
- }
15936
- for (i = 0; i < 80; i++) {
15937
- bh0 = ah0;
15938
- bh1 = ah1;
15939
- bh2 = ah2;
15940
- bh3 = ah3;
15941
- bh4 = ah4;
15942
- bh5 = ah5;
15943
- bh6 = ah6;
15944
- bh7 = ah7;
15945
-
15946
- bl0 = al0;
15947
- bl1 = al1;
15948
- bl2 = al2;
15949
- bl3 = al3;
15950
- bl4 = al4;
15951
- bl5 = al5;
15952
- bl6 = al6;
15953
- bl7 = al7;
15954
-
15955
- // add
15956
- h = ah7;
15957
- l = al7;
15958
-
15959
- a = l & 0xffff; b = l >>> 16;
15960
- c = h & 0xffff; d = h >>> 16;
15961
-
15962
- // Sigma1
15963
- h = ((ah4 >>> 14) | (al4 << (32-14))) ^ ((ah4 >>> 18) | (al4 << (32-18))) ^ ((al4 >>> (41-32)) | (ah4 << (32-(41-32))));
15964
- l = ((al4 >>> 14) | (ah4 << (32-14))) ^ ((al4 >>> 18) | (ah4 << (32-18))) ^ ((ah4 >>> (41-32)) | (al4 << (32-(41-32))));
15965
-
15966
- a += l & 0xffff; b += l >>> 16;
15967
- c += h & 0xffff; d += h >>> 16;
15968
-
15969
- // Ch
15970
- h = (ah4 & ah5) ^ (~ah4 & ah6);
15971
- l = (al4 & al5) ^ (~al4 & al6);
15972
-
15973
- a += l & 0xffff; b += l >>> 16;
15974
- c += h & 0xffff; d += h >>> 16;
15975
-
15976
- // K
15977
- h = K[i*2];
15978
- l = K[i*2+1];
15979
-
15980
- a += l & 0xffff; b += l >>> 16;
15981
- c += h & 0xffff; d += h >>> 16;
15982
-
15983
- // w
15984
- h = wh[i%16];
15985
- l = wl[i%16];
15986
-
15987
- a += l & 0xffff; b += l >>> 16;
15988
- c += h & 0xffff; d += h >>> 16;
15989
-
15990
- b += a >>> 16;
15991
- c += b >>> 16;
15992
- d += c >>> 16;
15993
-
15994
- th = c & 0xffff | d << 16;
15995
- tl = a & 0xffff | b << 16;
15996
-
15997
- // add
15998
- h = th;
15999
- l = tl;
16000
-
16001
- a = l & 0xffff; b = l >>> 16;
16002
- c = h & 0xffff; d = h >>> 16;
16003
-
16004
- // Sigma0
16005
- h = ((ah0 >>> 28) | (al0 << (32-28))) ^ ((al0 >>> (34-32)) | (ah0 << (32-(34-32)))) ^ ((al0 >>> (39-32)) | (ah0 << (32-(39-32))));
16006
- l = ((al0 >>> 28) | (ah0 << (32-28))) ^ ((ah0 >>> (34-32)) | (al0 << (32-(34-32)))) ^ ((ah0 >>> (39-32)) | (al0 << (32-(39-32))));
16007
-
16008
- a += l & 0xffff; b += l >>> 16;
16009
- c += h & 0xffff; d += h >>> 16;
16010
-
16011
- // Maj
16012
- h = (ah0 & ah1) ^ (ah0 & ah2) ^ (ah1 & ah2);
16013
- l = (al0 & al1) ^ (al0 & al2) ^ (al1 & al2);
16014
-
16015
- a += l & 0xffff; b += l >>> 16;
16016
- c += h & 0xffff; d += h >>> 16;
16017
-
16018
- b += a >>> 16;
16019
- c += b >>> 16;
16020
- d += c >>> 16;
16021
-
16022
- bh7 = (c & 0xffff) | (d << 16);
16023
- bl7 = (a & 0xffff) | (b << 16);
16024
-
16025
- // add
16026
- h = bh3;
16027
- l = bl3;
16028
-
16029
- a = l & 0xffff; b = l >>> 16;
16030
- c = h & 0xffff; d = h >>> 16;
16031
-
16032
- h = th;
16033
- l = tl;
16034
-
16035
- a += l & 0xffff; b += l >>> 16;
16036
- c += h & 0xffff; d += h >>> 16;
16037
-
16038
- b += a >>> 16;
16039
- c += b >>> 16;
16040
- d += c >>> 16;
16041
-
16042
- bh3 = (c & 0xffff) | (d << 16);
16043
- bl3 = (a & 0xffff) | (b << 16);
16044
-
16045
- ah1 = bh0;
16046
- ah2 = bh1;
16047
- ah3 = bh2;
16048
- ah4 = bh3;
16049
- ah5 = bh4;
16050
- ah6 = bh5;
16051
- ah7 = bh6;
16052
- ah0 = bh7;
16053
-
16054
- al1 = bl0;
16055
- al2 = bl1;
16056
- al3 = bl2;
16057
- al4 = bl3;
16058
- al5 = bl4;
16059
- al6 = bl5;
16060
- al7 = bl6;
16061
- al0 = bl7;
16062
-
16063
- if (i%16 === 15) {
16064
- for (j = 0; j < 16; j++) {
16065
- // add
16066
- h = wh[j];
16067
- l = wl[j];
16068
-
16069
- a = l & 0xffff; b = l >>> 16;
16070
- c = h & 0xffff; d = h >>> 16;
16071
-
16072
- h = wh[(j+9)%16];
16073
- l = wl[(j+9)%16];
16074
-
16075
- a += l & 0xffff; b += l >>> 16;
16076
- c += h & 0xffff; d += h >>> 16;
16077
-
16078
- // sigma0
16079
- th = wh[(j+1)%16];
16080
- tl = wl[(j+1)%16];
16081
- h = ((th >>> 1) | (tl << (32-1))) ^ ((th >>> 8) | (tl << (32-8))) ^ (th >>> 7);
16082
- l = ((tl >>> 1) | (th << (32-1))) ^ ((tl >>> 8) | (th << (32-8))) ^ ((tl >>> 7) | (th << (32-7)));
16083
-
16084
- a += l & 0xffff; b += l >>> 16;
16085
- c += h & 0xffff; d += h >>> 16;
16086
-
16087
- // sigma1
16088
- th = wh[(j+14)%16];
16089
- tl = wl[(j+14)%16];
16090
- h = ((th >>> 19) | (tl << (32-19))) ^ ((tl >>> (61-32)) | (th << (32-(61-32)))) ^ (th >>> 6);
16091
- l = ((tl >>> 19) | (th << (32-19))) ^ ((th >>> (61-32)) | (tl << (32-(61-32)))) ^ ((tl >>> 6) | (th << (32-6)));
16092
-
16093
- a += l & 0xffff; b += l >>> 16;
16094
- c += h & 0xffff; d += h >>> 16;
16095
-
16096
- b += a >>> 16;
16097
- c += b >>> 16;
16098
- d += c >>> 16;
16099
-
16100
- wh[j] = (c & 0xffff) | (d << 16);
16101
- wl[j] = (a & 0xffff) | (b << 16);
16102
- }
16103
- }
16104
- }
16105
-
16106
- // add
16107
- h = ah0;
16108
- l = al0;
16109
-
16110
- a = l & 0xffff; b = l >>> 16;
16111
- c = h & 0xffff; d = h >>> 16;
16112
-
16113
- h = hh[0];
16114
- l = hl[0];
16115
-
16116
- a += l & 0xffff; b += l >>> 16;
16117
- c += h & 0xffff; d += h >>> 16;
16118
-
16119
- b += a >>> 16;
16120
- c += b >>> 16;
16121
- d += c >>> 16;
16122
-
16123
- hh[0] = ah0 = (c & 0xffff) | (d << 16);
16124
- hl[0] = al0 = (a & 0xffff) | (b << 16);
16125
-
16126
- h = ah1;
16127
- l = al1;
16128
-
16129
- a = l & 0xffff; b = l >>> 16;
16130
- c = h & 0xffff; d = h >>> 16;
16131
-
16132
- h = hh[1];
16133
- l = hl[1];
16134
-
16135
- a += l & 0xffff; b += l >>> 16;
16136
- c += h & 0xffff; d += h >>> 16;
16137
-
16138
- b += a >>> 16;
16139
- c += b >>> 16;
16140
- d += c >>> 16;
16141
-
16142
- hh[1] = ah1 = (c & 0xffff) | (d << 16);
16143
- hl[1] = al1 = (a & 0xffff) | (b << 16);
16144
-
16145
- h = ah2;
16146
- l = al2;
16147
-
16148
- a = l & 0xffff; b = l >>> 16;
16149
- c = h & 0xffff; d = h >>> 16;
16150
-
16151
- h = hh[2];
16152
- l = hl[2];
16153
-
16154
- a += l & 0xffff; b += l >>> 16;
16155
- c += h & 0xffff; d += h >>> 16;
16156
-
16157
- b += a >>> 16;
16158
- c += b >>> 16;
16159
- d += c >>> 16;
16160
-
16161
- hh[2] = ah2 = (c & 0xffff) | (d << 16);
16162
- hl[2] = al2 = (a & 0xffff) | (b << 16);
16163
-
16164
- h = ah3;
16165
- l = al3;
16166
-
16167
- a = l & 0xffff; b = l >>> 16;
16168
- c = h & 0xffff; d = h >>> 16;
16169
-
16170
- h = hh[3];
16171
- l = hl[3];
16172
-
16173
- a += l & 0xffff; b += l >>> 16;
16174
- c += h & 0xffff; d += h >>> 16;
16175
-
16176
- b += a >>> 16;
16177
- c += b >>> 16;
16178
- d += c >>> 16;
16179
-
16180
- hh[3] = ah3 = (c & 0xffff) | (d << 16);
16181
- hl[3] = al3 = (a & 0xffff) | (b << 16);
16182
-
16183
- h = ah4;
16184
- l = al4;
16185
-
16186
- a = l & 0xffff; b = l >>> 16;
16187
- c = h & 0xffff; d = h >>> 16;
16188
-
16189
- h = hh[4];
16190
- l = hl[4];
16191
-
16192
- a += l & 0xffff; b += l >>> 16;
16193
- c += h & 0xffff; d += h >>> 16;
16194
-
16195
- b += a >>> 16;
16196
- c += b >>> 16;
16197
- d += c >>> 16;
16198
-
16199
- hh[4] = ah4 = (c & 0xffff) | (d << 16);
16200
- hl[4] = al4 = (a & 0xffff) | (b << 16);
16201
-
16202
- h = ah5;
16203
- l = al5;
16204
-
16205
- a = l & 0xffff; b = l >>> 16;
16206
- c = h & 0xffff; d = h >>> 16;
16207
-
16208
- h = hh[5];
16209
- l = hl[5];
16210
-
16211
- a += l & 0xffff; b += l >>> 16;
16212
- c += h & 0xffff; d += h >>> 16;
16213
-
16214
- b += a >>> 16;
16215
- c += b >>> 16;
16216
- d += c >>> 16;
16217
-
16218
- hh[5] = ah5 = (c & 0xffff) | (d << 16);
16219
- hl[5] = al5 = (a & 0xffff) | (b << 16);
16220
-
16221
- h = ah6;
16222
- l = al6;
16223
-
16224
- a = l & 0xffff; b = l >>> 16;
16225
- c = h & 0xffff; d = h >>> 16;
16226
-
16227
- h = hh[6];
16228
- l = hl[6];
16229
-
16230
- a += l & 0xffff; b += l >>> 16;
16231
- c += h & 0xffff; d += h >>> 16;
16232
-
16233
- b += a >>> 16;
16234
- c += b >>> 16;
16235
- d += c >>> 16;
16236
-
16237
- hh[6] = ah6 = (c & 0xffff) | (d << 16);
16238
- hl[6] = al6 = (a & 0xffff) | (b << 16);
16239
-
16240
- h = ah7;
16241
- l = al7;
16242
-
16243
- a = l & 0xffff; b = l >>> 16;
16244
- c = h & 0xffff; d = h >>> 16;
16245
-
16246
- h = hh[7];
16247
- l = hl[7];
16248
-
16249
- a += l & 0xffff; b += l >>> 16;
16250
- c += h & 0xffff; d += h >>> 16;
16251
-
16252
- b += a >>> 16;
16253
- c += b >>> 16;
16254
- d += c >>> 16;
16255
-
16256
- hh[7] = ah7 = (c & 0xffff) | (d << 16);
16257
- hl[7] = al7 = (a & 0xffff) | (b << 16);
16258
-
16259
- pos += 128;
16260
- n -= 128;
16261
- }
16262
-
16263
- return n;
16264
- }
16265
-
16266
- function crypto_hash(out, m, n) {
16267
- var hh = new Int32Array(8),
16268
- hl = new Int32Array(8),
16269
- x = new Uint8Array(256),
16270
- i, b = n;
16271
-
16272
- hh[0] = 0x6a09e667;
16273
- hh[1] = 0xbb67ae85;
16274
- hh[2] = 0x3c6ef372;
16275
- hh[3] = 0xa54ff53a;
16276
- hh[4] = 0x510e527f;
16277
- hh[5] = 0x9b05688c;
16278
- hh[6] = 0x1f83d9ab;
16279
- hh[7] = 0x5be0cd19;
16280
-
16281
- hl[0] = 0xf3bcc908;
16282
- hl[1] = 0x84caa73b;
16283
- hl[2] = 0xfe94f82b;
16284
- hl[3] = 0x5f1d36f1;
16285
- hl[4] = 0xade682d1;
16286
- hl[5] = 0x2b3e6c1f;
16287
- hl[6] = 0xfb41bd6b;
16288
- hl[7] = 0x137e2179;
16289
-
16290
- crypto_hashblocks_hl(hh, hl, m, n);
16291
- n %= 128;
16292
-
16293
- for (i = 0; i < n; i++) x[i] = m[b-n+i];
16294
- x[n] = 128;
16295
-
16296
- n = 256-128*(n<112?1:0);
16297
- x[n-9] = 0;
16298
- ts64(x, n-8, (b / 0x20000000) | 0, b << 3);
16299
- crypto_hashblocks_hl(hh, hl, x, n);
16300
-
16301
- for (i = 0; i < 8; i++) ts64(out, 8*i, hh[i], hl[i]);
16302
-
16303
- return 0;
16304
- }
16305
-
16306
- function add(p, q) {
16307
- var a = gf(), b = gf(), c = gf(),
16308
- d = gf(), e = gf(), f = gf(),
16309
- g = gf(), h = gf(), t = gf();
16310
-
16311
- Z(a, p[1], p[0]);
16312
- Z(t, q[1], q[0]);
16313
- M(a, a, t);
16314
- A(b, p[0], p[1]);
16315
- A(t, q[0], q[1]);
16316
- M(b, b, t);
16317
- M(c, p[3], q[3]);
16318
- M(c, c, D2);
16319
- M(d, p[2], q[2]);
16320
- A(d, d, d);
16321
- Z(e, b, a);
16322
- Z(f, d, c);
16323
- A(g, d, c);
16324
- A(h, b, a);
16325
-
16326
- M(p[0], e, f);
16327
- M(p[1], h, g);
16328
- M(p[2], g, f);
16329
- M(p[3], e, h);
16330
- }
16331
-
16332
- function cswap(p, q, b) {
16333
- var i;
16334
- for (i = 0; i < 4; i++) {
16335
- sel25519(p[i], q[i], b);
16336
- }
16337
- }
16338
-
16339
- function pack(r, p) {
16340
- var tx = gf(), ty = gf(), zi = gf();
16341
- inv25519(zi, p[2]);
16342
- M(tx, p[0], zi);
16343
- M(ty, p[1], zi);
16344
- pack25519(r, ty);
16345
- r[31] ^= par25519(tx) << 7;
16346
- }
16347
-
16348
- function scalarmult(p, q, s) {
16349
- var b, i;
16350
- set25519(p[0], gf0);
16351
- set25519(p[1], gf1);
16352
- set25519(p[2], gf1);
16353
- set25519(p[3], gf0);
16354
- for (i = 255; i >= 0; --i) {
16355
- b = (s[(i/8)|0] >> (i&7)) & 1;
16356
- cswap(p, q, b);
16357
- add(q, p);
16358
- add(p, p);
16359
- cswap(p, q, b);
16360
- }
16361
- }
16362
-
16363
- function scalarbase(p, s) {
16364
- var q = [gf(), gf(), gf(), gf()];
16365
- set25519(q[0], X);
16366
- set25519(q[1], Y);
16367
- set25519(q[2], gf1);
16368
- M(q[3], X, Y);
16369
- scalarmult(p, q, s);
16370
- }
16371
-
16372
- function crypto_sign_keypair(pk, sk, seeded) {
16373
- var d = new Uint8Array(64);
16374
- var p = [gf(), gf(), gf(), gf()];
16375
- var i;
16376
-
16377
- if (!seeded) randombytes(sk, 32);
16378
- crypto_hash(d, sk, 32);
16379
- d[0] &= 248;
16380
- d[31] &= 127;
16381
- d[31] |= 64;
16382
-
16383
- scalarbase(p, d);
16384
- pack(pk, p);
16385
-
16386
- for (i = 0; i < 32; i++) sk[i+32] = pk[i];
16387
- return 0;
16388
- }
16389
-
16390
- var L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]);
16391
-
16392
- function modL(r, x) {
16393
- var carry, i, j, k;
16394
- for (i = 63; i >= 32; --i) {
16395
- carry = 0;
16396
- for (j = i - 32, k = i - 12; j < k; ++j) {
16397
- x[j] += carry - 16 * x[i] * L[j - (i - 32)];
16398
- carry = Math.floor((x[j] + 128) / 256);
16399
- x[j] -= carry * 256;
16400
- }
16401
- x[j] += carry;
16402
- x[i] = 0;
16403
- }
16404
- carry = 0;
16405
- for (j = 0; j < 32; j++) {
16406
- x[j] += carry - (x[31] >> 4) * L[j];
16407
- carry = x[j] >> 8;
16408
- x[j] &= 255;
16409
- }
16410
- for (j = 0; j < 32; j++) x[j] -= carry * L[j];
16411
- for (i = 0; i < 32; i++) {
16412
- x[i+1] += x[i] >> 8;
16413
- r[i] = x[i] & 255;
16414
- }
16415
- }
16416
-
16417
- function reduce(r) {
16418
- var x = new Float64Array(64), i;
16419
- for (i = 0; i < 64; i++) x[i] = r[i];
16420
- for (i = 0; i < 64; i++) r[i] = 0;
16421
- modL(r, x);
16422
- }
16423
-
16424
- // Note: difference from C - smlen returned, not passed as argument.
16425
- function crypto_sign(sm, m, n, sk) {
16426
- var d = new Uint8Array(64), h = new Uint8Array(64), r = new Uint8Array(64);
16427
- var i, j, x = new Float64Array(64);
16428
- var p = [gf(), gf(), gf(), gf()];
16429
-
16430
- crypto_hash(d, sk, 32);
16431
- d[0] &= 248;
16432
- d[31] &= 127;
16433
- d[31] |= 64;
16434
-
16435
- var smlen = n + 64;
16436
- for (i = 0; i < n; i++) sm[64 + i] = m[i];
16437
- for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i];
16438
-
16439
- crypto_hash(r, sm.subarray(32), n+32);
16440
- reduce(r);
16441
- scalarbase(p, r);
16442
- pack(sm, p);
16443
-
16444
- for (i = 32; i < 64; i++) sm[i] = sk[i];
16445
- crypto_hash(h, sm, n + 64);
16446
- reduce(h);
16447
-
16448
- for (i = 0; i < 64; i++) x[i] = 0;
16449
- for (i = 0; i < 32; i++) x[i] = r[i];
16450
- for (i = 0; i < 32; i++) {
16451
- for (j = 0; j < 32; j++) {
16452
- x[i+j] += h[i] * d[j];
16453
- }
16454
- }
16455
-
16456
- modL(sm.subarray(32), x);
16457
- return smlen;
16458
- }
16459
-
16460
- function unpackneg(r, p) {
16461
- var t = gf(), chk = gf(), num = gf(),
16462
- den = gf(), den2 = gf(), den4 = gf(),
16463
- den6 = gf();
16464
-
16465
- set25519(r[2], gf1);
16466
- unpack25519(r[1], p);
16467
- S(num, r[1]);
16468
- M(den, num, D);
16469
- Z(num, num, r[2]);
16470
- A(den, r[2], den);
16471
-
16472
- S(den2, den);
16473
- S(den4, den2);
16474
- M(den6, den4, den2);
16475
- M(t, den6, num);
16476
- M(t, t, den);
16477
-
16478
- pow2523(t, t);
16479
- M(t, t, num);
16480
- M(t, t, den);
16481
- M(t, t, den);
16482
- M(r[0], t, den);
16483
-
16484
- S(chk, r[0]);
16485
- M(chk, chk, den);
16486
- if (neq25519(chk, num)) M(r[0], r[0], I);
16487
-
16488
- S(chk, r[0]);
16489
- M(chk, chk, den);
16490
- if (neq25519(chk, num)) return -1;
16491
-
16492
- if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]);
16493
-
16494
- M(r[3], r[0], r[1]);
16495
- return 0;
16496
- }
16497
-
16498
- function crypto_sign_open(m, sm, n, pk) {
16499
- var i;
16500
- var t = new Uint8Array(32), h = new Uint8Array(64);
16501
- var p = [gf(), gf(), gf(), gf()],
16502
- q = [gf(), gf(), gf(), gf()];
16503
-
16504
- if (n < 64) return -1;
16505
-
16506
- if (unpackneg(q, pk)) return -1;
16507
-
16508
- for (i = 0; i < n; i++) m[i] = sm[i];
16509
- for (i = 0; i < 32; i++) m[i+32] = pk[i];
16510
- crypto_hash(h, m, n);
16511
- reduce(h);
16512
- scalarmult(p, q, h);
16513
-
16514
- scalarbase(q, sm.subarray(32));
16515
- add(p, q);
16516
- pack(t, p);
16517
-
16518
- n -= 64;
16519
- if (crypto_verify_32(sm, 0, t, 0)) {
16520
- for (i = 0; i < n; i++) m[i] = 0;
16521
- return -1;
16522
- }
16523
-
16524
- for (i = 0; i < n; i++) m[i] = sm[i + 64];
16525
- return n;
16526
- }
16527
-
16528
- var crypto_secretbox_KEYBYTES = 32,
16529
- crypto_secretbox_NONCEBYTES = 24,
16530
- crypto_secretbox_ZEROBYTES = 32,
16531
- crypto_secretbox_BOXZEROBYTES = 16,
16532
- crypto_scalarmult_BYTES = 32,
16533
- crypto_scalarmult_SCALARBYTES = 32,
16534
- crypto_box_PUBLICKEYBYTES = 32,
16535
- crypto_box_SECRETKEYBYTES = 32,
16536
- crypto_box_BEFORENMBYTES = 32,
16537
- crypto_box_NONCEBYTES = crypto_secretbox_NONCEBYTES,
16538
- crypto_box_ZEROBYTES = crypto_secretbox_ZEROBYTES,
16539
- crypto_box_BOXZEROBYTES = crypto_secretbox_BOXZEROBYTES,
16540
- crypto_sign_BYTES = 64,
16541
- crypto_sign_PUBLICKEYBYTES = 32,
16542
- crypto_sign_SECRETKEYBYTES = 64,
16543
- crypto_sign_SEEDBYTES = 32,
16544
- crypto_hash_BYTES = 64;
16545
-
16546
- nacl.lowlevel = {
16547
- crypto_core_hsalsa20: crypto_core_hsalsa20,
16548
- crypto_stream_xor: crypto_stream_xor,
16549
- crypto_stream: crypto_stream,
16550
- crypto_stream_salsa20_xor: crypto_stream_salsa20_xor,
16551
- crypto_stream_salsa20: crypto_stream_salsa20,
16552
- crypto_onetimeauth: crypto_onetimeauth,
16553
- crypto_onetimeauth_verify: crypto_onetimeauth_verify,
16554
- crypto_verify_16: crypto_verify_16,
16555
- crypto_verify_32: crypto_verify_32,
16556
- crypto_secretbox: crypto_secretbox,
16557
- crypto_secretbox_open: crypto_secretbox_open,
16558
- crypto_scalarmult: crypto_scalarmult,
16559
- crypto_scalarmult_base: crypto_scalarmult_base,
16560
- crypto_box_beforenm: crypto_box_beforenm,
16561
- crypto_box_afternm: crypto_box_afternm,
16562
- crypto_box: crypto_box,
16563
- crypto_box_open: crypto_box_open,
16564
- crypto_box_keypair: crypto_box_keypair,
16565
- crypto_hash: crypto_hash,
16566
- crypto_sign: crypto_sign,
16567
- crypto_sign_keypair: crypto_sign_keypair,
16568
- crypto_sign_open: crypto_sign_open,
16569
-
16570
- crypto_secretbox_KEYBYTES: crypto_secretbox_KEYBYTES,
16571
- crypto_secretbox_NONCEBYTES: crypto_secretbox_NONCEBYTES,
16572
- crypto_secretbox_ZEROBYTES: crypto_secretbox_ZEROBYTES,
16573
- crypto_secretbox_BOXZEROBYTES: crypto_secretbox_BOXZEROBYTES,
16574
- crypto_scalarmult_BYTES: crypto_scalarmult_BYTES,
16575
- crypto_scalarmult_SCALARBYTES: crypto_scalarmult_SCALARBYTES,
16576
- crypto_box_PUBLICKEYBYTES: crypto_box_PUBLICKEYBYTES,
16577
- crypto_box_SECRETKEYBYTES: crypto_box_SECRETKEYBYTES,
16578
- crypto_box_BEFORENMBYTES: crypto_box_BEFORENMBYTES,
16579
- crypto_box_NONCEBYTES: crypto_box_NONCEBYTES,
16580
- crypto_box_ZEROBYTES: crypto_box_ZEROBYTES,
16581
- crypto_box_BOXZEROBYTES: crypto_box_BOXZEROBYTES,
16582
- crypto_sign_BYTES: crypto_sign_BYTES,
16583
- crypto_sign_PUBLICKEYBYTES: crypto_sign_PUBLICKEYBYTES,
16584
- crypto_sign_SECRETKEYBYTES: crypto_sign_SECRETKEYBYTES,
16585
- crypto_sign_SEEDBYTES: crypto_sign_SEEDBYTES,
16586
- crypto_hash_BYTES: crypto_hash_BYTES,
16587
-
16588
- gf: gf,
16589
- D: D,
16590
- L: L,
16591
- pack25519: pack25519,
16592
- unpack25519: unpack25519,
16593
- M: M,
16594
- A: A,
16595
- S: S,
16596
- Z: Z,
16597
- pow2523: pow2523,
16598
- add: add,
16599
- set25519: set25519,
16600
- modL: modL,
16601
- scalarmult: scalarmult,
16602
- scalarbase: scalarbase,
16603
- };
16604
-
16605
- /* High-level API */
16606
-
16607
- function checkLengths(k, n) {
16608
- if (k.length !== crypto_secretbox_KEYBYTES) throw new Error('bad key size');
16609
- if (n.length !== crypto_secretbox_NONCEBYTES) throw new Error('bad nonce size');
16610
- }
16611
-
16612
- function checkBoxLengths(pk, sk) {
16613
- if (pk.length !== crypto_box_PUBLICKEYBYTES) throw new Error('bad public key size');
16614
- if (sk.length !== crypto_box_SECRETKEYBYTES) throw new Error('bad secret key size');
16615
- }
16616
-
16617
- function checkArrayTypes() {
16618
- for (var i = 0; i < arguments.length; i++) {
16619
- if (!(arguments[i] instanceof Uint8Array))
16620
- throw new TypeError('unexpected type, use Uint8Array');
16621
- }
16622
- }
16623
-
16624
- function cleanup(arr) {
16625
- for (var i = 0; i < arr.length; i++) arr[i] = 0;
16626
- }
16627
-
16628
- nacl.randomBytes = function(n) {
16629
- var b = new Uint8Array(n);
16630
- randombytes(b, n);
16631
- return b;
16632
- };
16633
-
16634
- nacl.secretbox = function(msg, nonce, key) {
16635
- checkArrayTypes(msg, nonce, key);
16636
- checkLengths(key, nonce);
16637
- var m = new Uint8Array(crypto_secretbox_ZEROBYTES + msg.length);
16638
- var c = new Uint8Array(m.length);
16639
- for (var i = 0; i < msg.length; i++) m[i+crypto_secretbox_ZEROBYTES] = msg[i];
16640
- crypto_secretbox(c, m, m.length, nonce, key);
16641
- return c.subarray(crypto_secretbox_BOXZEROBYTES);
16642
- };
16643
-
16644
- nacl.secretbox.open = function(box, nonce, key) {
16645
- checkArrayTypes(box, nonce, key);
16646
- checkLengths(key, nonce);
16647
- var c = new Uint8Array(crypto_secretbox_BOXZEROBYTES + box.length);
16648
- var m = new Uint8Array(c.length);
16649
- for (var i = 0; i < box.length; i++) c[i+crypto_secretbox_BOXZEROBYTES] = box[i];
16650
- if (c.length < 32) return null;
16651
- if (crypto_secretbox_open(m, c, c.length, nonce, key) !== 0) return null;
16652
- return m.subarray(crypto_secretbox_ZEROBYTES);
16653
- };
16654
-
16655
- nacl.secretbox.keyLength = crypto_secretbox_KEYBYTES;
16656
- nacl.secretbox.nonceLength = crypto_secretbox_NONCEBYTES;
16657
- nacl.secretbox.overheadLength = crypto_secretbox_BOXZEROBYTES;
16658
-
16659
- nacl.scalarMult = function(n, p) {
16660
- checkArrayTypes(n, p);
16661
- if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size');
16662
- if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size');
16663
- var q = new Uint8Array(crypto_scalarmult_BYTES);
16664
- crypto_scalarmult(q, n, p);
16665
- return q;
16666
- };
16667
-
16668
- nacl.scalarMult.base = function(n) {
16669
- checkArrayTypes(n);
16670
- if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size');
16671
- var q = new Uint8Array(crypto_scalarmult_BYTES);
16672
- crypto_scalarmult_base(q, n);
16673
- return q;
16674
- };
16675
-
16676
- nacl.scalarMult.scalarLength = crypto_scalarmult_SCALARBYTES;
16677
- nacl.scalarMult.groupElementLength = crypto_scalarmult_BYTES;
16678
-
16679
- nacl.box = function(msg, nonce, publicKey, secretKey) {
16680
- var k = nacl.box.before(publicKey, secretKey);
16681
- return nacl.secretbox(msg, nonce, k);
16682
- };
16683
-
16684
- nacl.box.before = function(publicKey, secretKey) {
16685
- checkArrayTypes(publicKey, secretKey);
16686
- checkBoxLengths(publicKey, secretKey);
16687
- var k = new Uint8Array(crypto_box_BEFORENMBYTES);
16688
- crypto_box_beforenm(k, publicKey, secretKey);
16689
- return k;
16690
- };
16691
-
16692
- nacl.box.after = nacl.secretbox;
16693
-
16694
- nacl.box.open = function(msg, nonce, publicKey, secretKey) {
16695
- var k = nacl.box.before(publicKey, secretKey);
16696
- return nacl.secretbox.open(msg, nonce, k);
16697
- };
16698
-
16699
- nacl.box.open.after = nacl.secretbox.open;
16700
-
16701
- nacl.box.keyPair = function() {
16702
- var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);
16703
- var sk = new Uint8Array(crypto_box_SECRETKEYBYTES);
16704
- crypto_box_keypair(pk, sk);
16705
- return {publicKey: pk, secretKey: sk};
16706
- };
16707
-
16708
- nacl.box.keyPair.fromSecretKey = function(secretKey) {
16709
- checkArrayTypes(secretKey);
16710
- if (secretKey.length !== crypto_box_SECRETKEYBYTES)
16711
- throw new Error('bad secret key size');
16712
- var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);
16713
- crypto_scalarmult_base(pk, secretKey);
16714
- return {publicKey: pk, secretKey: new Uint8Array(secretKey)};
16715
- };
16716
-
16717
- nacl.box.publicKeyLength = crypto_box_PUBLICKEYBYTES;
16718
- nacl.box.secretKeyLength = crypto_box_SECRETKEYBYTES;
16719
- nacl.box.sharedKeyLength = crypto_box_BEFORENMBYTES;
16720
- nacl.box.nonceLength = crypto_box_NONCEBYTES;
16721
- nacl.box.overheadLength = nacl.secretbox.overheadLength;
16722
-
16723
- nacl.sign = function(msg, secretKey) {
16724
- checkArrayTypes(msg, secretKey);
16725
- if (secretKey.length !== crypto_sign_SECRETKEYBYTES)
16726
- throw new Error('bad secret key size');
16727
- var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length);
16728
- crypto_sign(signedMsg, msg, msg.length, secretKey);
16729
- return signedMsg;
16730
- };
16731
-
16732
- nacl.sign.open = function(signedMsg, publicKey) {
16733
- checkArrayTypes(signedMsg, publicKey);
16734
- if (publicKey.length !== crypto_sign_PUBLICKEYBYTES)
16735
- throw new Error('bad public key size');
16736
- var tmp = new Uint8Array(signedMsg.length);
16737
- var mlen = crypto_sign_open(tmp, signedMsg, signedMsg.length, publicKey);
16738
- if (mlen < 0) return null;
16739
- var m = new Uint8Array(mlen);
16740
- for (var i = 0; i < m.length; i++) m[i] = tmp[i];
16741
- return m;
16742
- };
16743
-
16744
- nacl.sign.detached = function(msg, secretKey) {
16745
- var signedMsg = nacl.sign(msg, secretKey);
16746
- var sig = new Uint8Array(crypto_sign_BYTES);
16747
- for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i];
16748
- return sig;
16749
- };
16750
-
16751
- nacl.sign.detached.verify = function(msg, sig, publicKey) {
16752
- checkArrayTypes(msg, sig, publicKey);
16753
- if (sig.length !== crypto_sign_BYTES)
16754
- throw new Error('bad signature size');
16755
- if (publicKey.length !== crypto_sign_PUBLICKEYBYTES)
16756
- throw new Error('bad public key size');
16757
- var sm = new Uint8Array(crypto_sign_BYTES + msg.length);
16758
- var m = new Uint8Array(crypto_sign_BYTES + msg.length);
16759
- var i;
16760
- for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i];
16761
- for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i];
16762
- return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0);
16763
- };
16764
-
16765
- nacl.sign.keyPair = function() {
16766
- var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);
16767
- var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);
16768
- crypto_sign_keypair(pk, sk);
16769
- return {publicKey: pk, secretKey: sk};
16770
- };
16771
-
16772
- nacl.sign.keyPair.fromSecretKey = function(secretKey) {
16773
- checkArrayTypes(secretKey);
16774
- if (secretKey.length !== crypto_sign_SECRETKEYBYTES)
16775
- throw new Error('bad secret key size');
16776
- var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);
16777
- for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i];
16778
- return {publicKey: pk, secretKey: new Uint8Array(secretKey)};
16779
- };
16780
-
16781
- nacl.sign.keyPair.fromSeed = function(seed) {
16782
- checkArrayTypes(seed);
16783
- if (seed.length !== crypto_sign_SEEDBYTES)
16784
- throw new Error('bad seed size');
16785
- var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);
16786
- var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);
16787
- for (var i = 0; i < 32; i++) sk[i] = seed[i];
16788
- crypto_sign_keypair(pk, sk, true);
16789
- return {publicKey: pk, secretKey: sk};
16790
- };
16791
-
16792
- nacl.sign.publicKeyLength = crypto_sign_PUBLICKEYBYTES;
16793
- nacl.sign.secretKeyLength = crypto_sign_SECRETKEYBYTES;
16794
- nacl.sign.seedLength = crypto_sign_SEEDBYTES;
16795
- nacl.sign.signatureLength = crypto_sign_BYTES;
16796
-
16797
- nacl.hash = function(msg) {
16798
- checkArrayTypes(msg);
16799
- var h = new Uint8Array(crypto_hash_BYTES);
16800
- crypto_hash(h, msg, msg.length);
16801
- return h;
16802
- };
16803
-
16804
- nacl.hash.hashLength = crypto_hash_BYTES;
16805
-
16806
- nacl.verify = function(x, y) {
16807
- checkArrayTypes(x, y);
16808
- // Zero length arguments are considered not equal.
16809
- if (x.length === 0 || y.length === 0) return false;
16810
- if (x.length !== y.length) return false;
16811
- return (vn(x, 0, y, 0, x.length) === 0) ? true : false;
16812
- };
16813
-
16814
- nacl.setPRNG = function(fn) {
16815
- randombytes = fn;
16816
- };
16817
-
16818
- (function() {
16819
- // Initialize PRNG if environment provides CSPRNG.
16820
- // If not, methods calling randombytes will throw.
16821
- var crypto = typeof self !== 'undefined' ? (self.crypto || self.msCrypto) : null;
16822
- if (crypto && crypto.getRandomValues) {
16823
- // Browsers.
16824
- var QUOTA = 65536;
16825
- nacl.setPRNG(function(x, n) {
16826
- var i, v = new Uint8Array(n);
16827
- for (i = 0; i < n; i += QUOTA) {
16828
- crypto.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA)));
16829
- }
16830
- for (i = 0; i < n; i++) x[i] = v[i];
16831
- cleanup(v);
16832
- });
16833
- } else if (typeof commonjsRequire !== 'undefined') {
16834
- // Node.js.
16835
- crypto = require$$0;
16836
- if (crypto && crypto.randomBytes) {
16837
- nacl.setPRNG(function(x, n) {
16838
- var i, v = crypto.randomBytes(n);
16839
- for (i = 0; i < n; i++) x[i] = v[i];
16840
- cleanup(v);
16841
- });
16842
- }
16843
- }
16844
- })();
16845
-
16846
- })(module.exports ? module.exports : (self.nacl = self.nacl || {}));
16847
- } (naclFast));
16848
- return naclFast.exports;
16849
- }
16850
-
16851
- var naclFastExports = requireNaclFast();
16852
- var nacl = /*@__PURE__*/getDefaultExportFromCjs$1(naclFastExports);
16853
-
16854
14478
  const DEVICE_ID_KEY = 'poofnet:deviceId';
16855
14479
  const WALLETS_KEY = (appId) => `poofnet:mockWallets:${appId}`;
16856
14480
  const AUTH_METHOD = 'poofnet-mock';
@@ -18456,7 +16080,7 @@ async function loadDependencies() {
18456
16080
  const [reactModule, reactDomModule, phantomModule] = await Promise.all([
18457
16081
  import('react'),
18458
16082
  import('react-dom/client'),
18459
- import('./index-Bop7HFA-.esm.js')
16083
+ import('./index-BmRFzihw.esm.js')
18460
16084
  ]);
18461
16085
  // Extract default export from ESM module namespace
18462
16086
  // Dynamic import() returns { default: Module, ...exports }, not the module directly
@@ -18907,19 +16531,9 @@ class PhantomWalletProvider {
18907
16531
  that.awaitTopLevelConnect();
18908
16532
  return;
18909
16533
  }
18910
- // C2: pre-warm Chrome's Local Network Access permission inside the
18911
- // tap gesture, so its prompt appears up-front instead of on return
18912
- // from the wallet (MWA opens a ws://localhost reflector only after
18913
- // the app-switch, which is why the prompt currently lands on return).
18914
- // Best-effort, Android top-level only. DEVICE-TEST: confirm Chrome
18915
- // grants this per-origin (so MWA's later random-port socket reuses
18916
- // it). If LNA turns out to be per-port, this won't pre-grant — cut it.
18917
- if (detectAndroid() && typeof WebSocket !== 'undefined') {
18918
- try {
18919
- new WebSocket('ws://localhost:1');
18920
- }
18921
- catch ( /* noop */_a) { /* noop */ }
18922
- }
16534
+ // LNA permission is handled by @solana-mobile/wallet-standard-mobile
16535
+ // >=0.5.0's checkLocalNetworkAccessPermission (three-stage UX, fired
16536
+ // before the localhost reflector opens). No homemade pre-warm needed.
18923
16537
  if (that.onSwitchToMWA) {
18924
16538
  try {
18925
16539
  const mwaProvider = await that.onSwitchToMWA();
@@ -23222,26 +20836,16 @@ function requireSrc () {
23222
20836
  return src;
23223
20837
  }
23224
20838
 
23225
- var bs58;
23226
- var hasRequiredBs58;
23227
-
23228
- function requireBs58 () {
23229
- if (hasRequiredBs58) return bs58;
23230
- hasRequiredBs58 = 1;
23231
- var basex = requireSrc();
23232
- var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
23233
-
23234
- bs58 = basex(ALPHABET);
23235
- return bs58;
23236
- }
20839
+ var srcExports = requireSrc();
20840
+ var basex = /*@__PURE__*/getDefaultExportFromCjs$1(srcExports);
23237
20841
 
23238
- var bs58Exports = requireBs58();
23239
- var base58 = /*@__PURE__*/getDefaultExportFromCjs$1(bs58Exports);
20842
+ var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
20843
+ var base58 = basex(ALPHABET);
23240
20844
 
23241
- var index = /*#__PURE__*/_mergeNamespaces({
20845
+ var index = /*#__PURE__*/Object.freeze({
23242
20846
  __proto__: null,
23243
20847
  default: base58
23244
- }, [bs58Exports]);
20848
+ });
23245
20849
 
23246
20850
  const SURFNET_RPC_URL$1 = "https://surfpool.fly.dev";
23247
20851
  let React;
@@ -24657,7 +22261,7 @@ async function registerMobileWalletAdapter(config) {
24657
22261
  if (typeof window === 'undefined')
24658
22262
  return;
24659
22263
  try {
24660
- const walletStandardMobile = await import('./index.browser-B-pUCZgP.esm.js');
22264
+ const walletStandardMobile = await import('./index.browser-DA5oVpde.esm.js');
24661
22265
  const registerMwa = walletStandardMobile.registerMwa || ((_a = walletStandardMobile.default) === null || _a === void 0 ? void 0 : _a.registerMwa);
24662
22266
  if (!registerMwa) {
24663
22267
  console.warn('[SolanaMobileWallet] registerMwa not found in @solana-mobile/wallet-standard-mobile');
@@ -24796,7 +22400,7 @@ class SolanaMobileWalletProvider {
24796
22400
  async ensureWallet() {
24797
22401
  if (this.wallet)
24798
22402
  return this.wallet;
24799
- const mod = await import('./index.browser-B-pUCZgP.esm.js');
22403
+ const mod = await import('./index.browser-DA5oVpde.esm.js');
24800
22404
  const chain = mapChainToWalletStandard(this.cluster);
24801
22405
  this.wallet = new mod.LocalSolanaMobileWalletAdapterWallet({
24802
22406
  appIdentity: this.appIdentity,
@@ -25989,4 +23593,4 @@ class PrivyExpoProvider {
25989
23593
  }
25990
23594
 
25991
23595
  export { genSolanaMessage as $, subscribe as A, useAuth as B, usePoofnetWallet as C, deserializeTransaction as D, getIdToken as E, setPlatform as F, getPlatform as G, PrivyWalletProvider as H, DEFAULT_TEST_ADDRESS as I, isMobileWalletAvailable as J, registerMobileWalletAdapter as K, PrivyExpoProvider as L, MockAuthProvider as M, InsufficientBalanceError as N, OffchainAuthProvider as O, PhantomWalletProvider as P, ServerSessionManager as Q, ReactNativeSessionManager as R, SolanaMobileWalletProvider as S, buildSetDocumentsTransaction as T, clearCache as U, closeAllSubscriptions as V, WebSessionManager as W, convertRemainingAccounts as X, createSessionWithPrivy as Y, createSessionWithSignature as Z, genAuthNonce as _, base58 as a, getCachedData as a0, getMany as a1, reconnectWithNewAuth as a2, refreshSession as a3, signSessionCreateMessage as a4, bufferExports as b, getCurrentUser as c, onAuthLoadingChanged as d, getAuthLoading as e, logout as f, getDefaultExportFromCjs$1 as g, getConfig as h, init as i, getAuthProvider as j, get as k, login as l, setMany as m, setFile as n, onAuthStateChanged as o, getFiles as p, runQueryMany as q, runQuery as r, set as s, runExpression as t, runExpressionMany as u, signMessage as v, signTransaction as w, signAndSubmitTransaction as x, count as y, aggregate as z };
25992
- //# sourceMappingURL=index-DGOP9-5L.esm.js.map
23596
+ //# sourceMappingURL=index-Bk0jNQeJ.esm.js.map