@pooflabs/web 0.0.89-rc4 → 0.0.89-rc5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (51) hide show
  1. package/dist/{index-CEADZ0na.js → index-Aw2d-l7b.js} +2 -2
  2. package/dist/{index-CEADZ0na.js.map → index-Aw2d-l7b.js.map} +1 -1
  3. package/dist/{index-DZhOa-_D.esm.js → index-BFPYOUPB.esm.js} +2 -2
  4. package/dist/{index-Bop7HFA-.esm.js.map → index-BFPYOUPB.esm.js.map} +1 -1
  5. package/dist/{index-DGOP9-5L.esm.js → index-Bk0jNQeJ.esm.js} +74 -2470
  6. package/dist/index-Bk0jNQeJ.esm.js.map +1 -0
  7. package/dist/{index-Bop7HFA-.esm.js → index-BmRFzihw.esm.js} +2 -2
  8. package/dist/{index-DZhOa-_D.esm.js.map → index-BmRFzihw.esm.js.map} +1 -1
  9. package/dist/{index-DHI02_l_.js → index-CNeBXwNA.js} +74 -2470
  10. package/dist/index-CNeBXwNA.js.map +1 -0
  11. package/dist/{index-DS3Ftep_.js → index-t6c_8F1Y.js} +2 -2
  12. package/dist/{index-DS3Ftep_.js.map → index-t6c_8F1Y.js.map} +1 -1
  13. package/dist/{index.browser-0dewreQm.esm.js → index.browser-CPNUnyFN.esm.js} +1104 -503
  14. package/dist/index.browser-CPNUnyFN.esm.js.map +1 -0
  15. package/dist/{index.browser-B-pUCZgP.esm.js → index.browser-DA5oVpde.esm.js} +1574 -1223
  16. package/dist/index.browser-DA5oVpde.esm.js.map +1 -0
  17. package/dist/{index.browser-C9AVHEa4.js → index.browser-DIbh5a17.js} +1573 -1222
  18. package/dist/index.browser-DIbh5a17.js.map +1 -0
  19. package/dist/{index.browser-rhFUHjM1.js → index.browser-DwpTtoZf.js} +1103 -502
  20. package/dist/index.browser-DwpTtoZf.js.map +1 -0
  21. package/dist/index.esm.js +1 -1
  22. package/dist/index.js +1 -1
  23. package/dist/{index.native-CXtxnE1X.esm.js → index.native-BOKZJ7oQ.esm.js} +72 -2458
  24. package/dist/index.native-BOKZJ7oQ.esm.js.map +1 -0
  25. package/dist/{index.native-DzDWIHgW.js → index.native-CJnVdXZz.js} +71 -2457
  26. package/dist/index.native-CJnVdXZz.js.map +1 -0
  27. package/dist/index.native.esm.js +1 -1
  28. package/dist/index.native.js +1 -1
  29. package/dist/{phantom-wallet-provider-SmsVVBCI.esm.js → phantom-wallet-provider-BnoICydP.esm.js} +6 -16
  30. package/dist/phantom-wallet-provider-BnoICydP.esm.js.map +1 -0
  31. package/dist/{phantom-wallet-provider-mA4Yaf-t.js → phantom-wallet-provider-CCu-ugIc.js} +6 -16
  32. package/dist/phantom-wallet-provider-CCu-ugIc.js.map +1 -0
  33. package/dist/{privy-wallet-provider-CHMc_YjB.js → privy-wallet-provider-07Uph-RM.js} +3 -3
  34. package/dist/{privy-wallet-provider-CHMc_YjB.js.map → privy-wallet-provider-07Uph-RM.js.map} +1 -1
  35. package/dist/{privy-wallet-provider-BNPm2WEZ.esm.js → privy-wallet-provider-CZv8FH7R.esm.js} +3 -3
  36. package/dist/{privy-wallet-provider-BNPm2WEZ.esm.js.map → privy-wallet-provider-CZv8FH7R.esm.js.map} +1 -1
  37. package/dist/{solana-mobile-wallet-provider-BMGBQI3W.esm.js → solana-mobile-wallet-provider-7R9pkiw0.esm.js} +3 -3
  38. package/dist/{solana-mobile-wallet-provider-BMGBQI3W.esm.js.map → solana-mobile-wallet-provider-7R9pkiw0.esm.js.map} +1 -1
  39. package/dist/{solana-mobile-wallet-provider-DmBKAypM.js → solana-mobile-wallet-provider-n8aM2vet.js} +3 -3
  40. package/dist/{solana-mobile-wallet-provider-DmBKAypM.js.map → solana-mobile-wallet-provider-n8aM2vet.js.map} +1 -1
  41. package/package.json +2 -2
  42. package/dist/index-DGOP9-5L.esm.js.map +0 -1
  43. package/dist/index-DHI02_l_.js.map +0 -1
  44. package/dist/index.browser-0dewreQm.esm.js.map +0 -1
  45. package/dist/index.browser-B-pUCZgP.esm.js.map +0 -1
  46. package/dist/index.browser-C9AVHEa4.js.map +0 -1
  47. package/dist/index.browser-rhFUHjM1.js.map +0 -1
  48. package/dist/index.native-CXtxnE1X.esm.js.map +0 -1
  49. package/dist/index.native-DzDWIHgW.js.map +0 -1
  50. package/dist/phantom-wallet-provider-SmsVVBCI.esm.js.map +0 -1
  51. package/dist/phantom-wallet-provider-mA4Yaf-t.js.map +0 -1
package/dist/{index-DHI02_l_.js → index-CNeBXwNA.js} RENAMED
@@ -22,21 +22,6 @@ function _interopNamespaceDefault(e) {
22
22
  return Object.freeze(n);
23
23
  }
24
24
 
25
- function _mergeNamespaces(n, m) {
26
- m.forEach(function (e) {
27
- e && typeof e !== 'string' && !Array.isArray(e) && Object.keys(e).forEach(function (k) {
28
- if (k !== 'default' && !(k in n)) {
29
- var d = Object.getOwnPropertyDescriptor(e, k);
30
- Object.defineProperty(n, k, d.get ? d : {
31
- enumerable: true,
32
- get: function () { return e[k]; }
33
- });
34
- }
35
- });
36
- });
37
- return Object.freeze(n);
38
- }
39
-
40
25
  var anchor__namespace = /*#__PURE__*/_interopNamespaceDefault(anchor);
41
26
  var React__namespace = /*#__PURE__*/_interopNamespaceDefault(React$2);
42
27
 
@@ -52,7 +37,7 @@ function commonjsRequire(path) {
52
37
  throw new Error('Could not dynamically require "' + path + '". Please configure the dynamicRequireTargets or/and ignoreDynamicRequires option of @rollup/plugin-commonjs appropriately for this require call to work.');
53
38
  }
54
39
 
55
- var naclFast$1 = {exports: {}};
40
+ var naclFast = {exports: {}};
56
41
 
57
42
  var _nodeResolve_empty = {};
58
43
 
@@ -63,11 +48,11 @@ var _nodeResolve_empty$1 = /*#__PURE__*/Object.freeze({
63
48
 
64
49
  var require$$0 = /*@__PURE__*/getDefaultExportFromNamespaceIfNotNamed(_nodeResolve_empty$1);
65
50
 
66
- var hasRequiredNaclFast$1;
51
+ var hasRequiredNaclFast;
67
52
 
68
- function requireNaclFast$1 () {
69
- if (hasRequiredNaclFast$1) return naclFast$1.exports;
70
- hasRequiredNaclFast$1 = 1;
53
+ function requireNaclFast () {
54
+ if (hasRequiredNaclFast) return naclFast.exports;
55
+ hasRequiredNaclFast = 1;
71
56
  (function (module) {
72
57
  (function(nacl) {
73
58
 
@@ -2459,12 +2444,12 @@ function requireNaclFast$1 () {
2459
2444
  })();
2460
2445
 
2461
2446
  })(module.exports ? module.exports : (self.nacl = self.nacl || {}));
2462
- } (naclFast$1));
2463
- return naclFast$1.exports;
2447
+ } (naclFast));
2448
+ return naclFast.exports;
2464
2449
  }
2465
2450
 
2466
- var naclFastExports$1 = requireNaclFast$1();
2467
- var nacl$1 = /*@__PURE__*/getDefaultExportFromCjs$1(naclFastExports$1);
2451
+ var naclFastExports = requireNaclFast();
2452
+ var nacl = /*@__PURE__*/getDefaultExportFromCjs$1(naclFastExports);
2468
2453
 
2469
2454
  var bn$1 = {exports: {}};
2470
2455
 
@@ -6785,6 +6770,28 @@ class WebSessionManager {
6785
6770
  static async storeSession(address, accessToken, idToken, refreshToken) {
6786
6771
  if (typeof window === "undefined")
6787
6772
  return;
6773
+ // JWT-wallet binding: refuse to store a session whose idToken is bound
6774
+ // to a different wallet than `address`. Prevents races that would otherwise
6775
+ // leave localStorage with mismatched address/token state.
6776
+ try {
6777
+ const payloadB64 = idToken.split(".")[1];
6778
+ if (payloadB64) {
6779
+ const payload = JSON.parse(this.decodeBase64Url(payloadB64));
6780
+ const tokenWallet = payload["custom:walletAddress"];
6781
+ if (tokenWallet && tokenWallet !== address) {
6782
+ throw new Error(`[WebSessionManager] Refusing to store session: address (${address}) does not match idToken custom:walletAddress (${tokenWallet})`);
6783
+ }
6784
+ if (!tokenWallet) {
6785
+ console.warn("[WebSessionManager] storeSession: idToken has no custom:walletAddress claim — writing without validation");
6786
+ }
6787
+ }
6788
+ }
6789
+ catch (err) {
6790
+ if (typeof (err === null || err === void 0 ? void 0 : err.message) === "string" && err.message.includes("Refusing to store session")) {
6791
+ throw err;
6792
+ }
6793
+ console.warn("[WebSessionManager] storeSession: failed to decode idToken for validation:", err);
6794
+ }
6788
6795
  const config = await getConfig();
6789
6796
  const currentAppId = config.appId;
6790
6797
  localStorage.setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify({
@@ -9483,11 +9490,11 @@ function requireSrc$1 () {
9483
9490
  }
9484
9491
 
9485
9492
  var bs58$1;
9486
- var hasRequiredBs58$1;
9493
+ var hasRequiredBs58;
9487
9494
 
9488
- function requireBs58$1 () {
9489
- if (hasRequiredBs58$1) return bs58$1;
9490
- hasRequiredBs58$1 = 1;
9495
+ function requireBs58 () {
9496
+ if (hasRequiredBs58) return bs58$1;
9497
+ hasRequiredBs58 = 1;
9491
9498
  var basex = requireSrc$1();
9492
9499
  var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
9493
9500
 
@@ -9495,8 +9502,8 @@ function requireBs58$1 () {
9495
9502
  return bs58$1;
9496
9503
  }
9497
9504
 
9498
- var bs58Exports$1 = requireBs58$1();
9499
- var bs58$2 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports$1);
9505
+ var bs58Exports = requireBs58();
9506
+ var bs58 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports);
9500
9507
 
9501
9508
  // ─────────────────────────────────────────────────────────────
9502
9509
  // Local implementation of getSimulationComputeUnits
@@ -9758,7 +9765,7 @@ function loadKeypairFromEnv() {
9758
9765
  try {
9759
9766
  const secretKey = secret.trim().startsWith("[")
9760
9767
  ? Uint8Array.from(JSON.parse(secret))
9761
- : bs58$2.decode(secret.trim());
9768
+ : bs58.decode(secret.trim());
9762
9769
  return web3_js.Keypair.fromSecretKey(secretKey);
9763
9770
  }
9764
9771
  catch (err) {
@@ -9794,7 +9801,7 @@ class ServerSessionManager {
9794
9801
  const nonce = await genAuthNonce();
9795
9802
  const message = await genSolanaMessage(address, nonce);
9796
9803
  /* sign the message */
9797
- const sigBytes = nacl$1.sign.detached(new TextEncoder().encode(message), kp.secretKey);
9804
+ const sigBytes = nacl.sign.detached(new TextEncoder().encode(message), kp.secretKey);
9798
9805
  const signature = bufferExports$1.Buffer.from(sigBytes).toString("base64");
9799
9806
  /* call auth API */
9800
9807
  const { accessToken, idToken, refreshToken, } = await createSessionWithSignature(address, message, signature);
@@ -11703,6 +11710,28 @@ class ReactNativeSessionManager {
11703
11710
  /* STORE */
11704
11711
  /* ------------------------------------------------------------------ */
11705
11712
  static async storeSession(address, accessToken, idToken, refreshToken) {
11713
+ // JWT-wallet binding: refuse to store a session whose idToken is bound
11714
+ // to a different wallet than `address`. Prevents races that would otherwise
11715
+ // leave storage with mismatched address/token state.
11716
+ try {
11717
+ const payloadB64 = idToken.split(".")[1];
11718
+ if (payloadB64) {
11719
+ const payload = JSON.parse(this.decodeBase64Url(payloadB64));
11720
+ const tokenWallet = payload["custom:walletAddress"];
11721
+ if (tokenWallet && tokenWallet !== address) {
11722
+ throw new Error(`[ReactNativeSessionManager] Refusing to store session: address (${address}) does not match idToken custom:walletAddress (${tokenWallet})`);
11723
+ }
11724
+ if (!tokenWallet) {
11725
+ console.warn("[ReactNativeSessionManager] storeSession: idToken has no custom:walletAddress claim — writing without validation");
11726
+ }
11727
+ }
11728
+ }
11729
+ catch (err) {
11730
+ if (typeof (err === null || err === void 0 ? void 0 : err.message) === "string" && err.message.includes("Refusing to store session")) {
11731
+ throw err;
11732
+ }
11733
+ console.warn("[ReactNativeSessionManager] storeSession: failed to decode idToken for validation:", err);
11734
+ }
11706
11735
  const config = await getConfig();
11707
11736
  const currentAppId = config.appId;
11708
11737
  this.getStorage().setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify({
@@ -14467,2411 +14496,6 @@ function requireBuffer () {
14467
14496
 
14468
14497
  var bufferExports = requireBuffer();
14469
14498
 
14470
- var naclFast = {exports: {}};
14471
-
14472
- var hasRequiredNaclFast;
14473
-
14474
- function requireNaclFast () {
14475
- if (hasRequiredNaclFast) return naclFast.exports;
14476
- hasRequiredNaclFast = 1;
14477
- (function (module) {
14478
- (function(nacl) {
14479
-
14480
- // Ported in 2014 by Dmitry Chestnykh and Devi Mandiri.
14481
- // Public domain.
14482
- //
14483
- // Implementation derived from TweetNaCl version 20140427.
14484
- // See for details: http://tweetnacl.cr.yp.to/
14485
-
14486
- var gf = function(init) {
14487
- var i, r = new Float64Array(16);
14488
- if (init) for (i = 0; i < init.length; i++) r[i] = init[i];
14489
- return r;
14490
- };
14491
-
14492
- // Pluggable, initialized in high-level API below.
14493
- var randombytes = function(/* x, n */) { throw new Error('no PRNG'); };
14494
-
14495
- var _0 = new Uint8Array(16);
14496
- var _9 = new Uint8Array(32); _9[0] = 9;
14497
-
14498
- var gf0 = gf(),
14499
- gf1 = gf([1]),
14500
- _121665 = gf([0xdb41, 1]),
14501
- D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]),
14502
- D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]),
14503
- X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]),
14504
- Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]),
14505
- I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]);
14506
-
14507
- function ts64(x, i, h, l) {
14508
- x[i] = (h >> 24) & 0xff;
14509
- x[i+1] = (h >> 16) & 0xff;
14510
- x[i+2] = (h >> 8) & 0xff;
14511
- x[i+3] = h & 0xff;
14512
- x[i+4] = (l >> 24) & 0xff;
14513
- x[i+5] = (l >> 16) & 0xff;
14514
- x[i+6] = (l >> 8) & 0xff;
14515
- x[i+7] = l & 0xff;
14516
- }
14517
-
14518
- function vn(x, xi, y, yi, n) {
14519
- var i,d = 0;
14520
- for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i];
14521
- return (1 & ((d - 1) >>> 8)) - 1;
14522
- }
14523
-
14524
- function crypto_verify_16(x, xi, y, yi) {
14525
- return vn(x,xi,y,yi,16);
14526
- }
14527
-
14528
- function crypto_verify_32(x, xi, y, yi) {
14529
- return vn(x,xi,y,yi,32);
14530
- }
14531
-
14532
- function core_salsa20(o, p, k, c) {
14533
- var j0 = c[ 0] & 0xff | (c[ 1] & 0xff)<<8 | (c[ 2] & 0xff)<<16 | (c[ 3] & 0xff)<<24,
14534
- j1 = k[ 0] & 0xff | (k[ 1] & 0xff)<<8 | (k[ 2] & 0xff)<<16 | (k[ 3] & 0xff)<<24,
14535
- j2 = k[ 4] & 0xff | (k[ 5] & 0xff)<<8 | (k[ 6] & 0xff)<<16 | (k[ 7] & 0xff)<<24,
14536
- j3 = k[ 8] & 0xff | (k[ 9] & 0xff)<<8 | (k[10] & 0xff)<<16 | (k[11] & 0xff)<<24,
14537
- j4 = k[12] & 0xff | (k[13] & 0xff)<<8 | (k[14] & 0xff)<<16 | (k[15] & 0xff)<<24,
14538
- j5 = c[ 4] & 0xff | (c[ 5] & 0xff)<<8 | (c[ 6] & 0xff)<<16 | (c[ 7] & 0xff)<<24,
14539
- j6 = p[ 0] & 0xff | (p[ 1] & 0xff)<<8 | (p[ 2] & 0xff)<<16 | (p[ 3] & 0xff)<<24,
14540
- j7 = p[ 4] & 0xff | (p[ 5] & 0xff)<<8 | (p[ 6] & 0xff)<<16 | (p[ 7] & 0xff)<<24,
14541
- j8 = p[ 8] & 0xff | (p[ 9] & 0xff)<<8 | (p[10] & 0xff)<<16 | (p[11] & 0xff)<<24,
14542
- j9 = p[12] & 0xff | (p[13] & 0xff)<<8 | (p[14] & 0xff)<<16 | (p[15] & 0xff)<<24,
14543
- j10 = c[ 8] & 0xff | (c[ 9] & 0xff)<<8 | (c[10] & 0xff)<<16 | (c[11] & 0xff)<<24,
14544
- j11 = k[16] & 0xff | (k[17] & 0xff)<<8 | (k[18] & 0xff)<<16 | (k[19] & 0xff)<<24,
14545
- j12 = k[20] & 0xff | (k[21] & 0xff)<<8 | (k[22] & 0xff)<<16 | (k[23] & 0xff)<<24,
14546
- j13 = k[24] & 0xff | (k[25] & 0xff)<<8 | (k[26] & 0xff)<<16 | (k[27] & 0xff)<<24,
14547
- j14 = k[28] & 0xff | (k[29] & 0xff)<<8 | (k[30] & 0xff)<<16 | (k[31] & 0xff)<<24,
14548
- j15 = c[12] & 0xff | (c[13] & 0xff)<<8 | (c[14] & 0xff)<<16 | (c[15] & 0xff)<<24;
14549
-
14550
- var x0 = j0, x1 = j1, x2 = j2, x3 = j3, x4 = j4, x5 = j5, x6 = j6, x7 = j7,
14551
- x8 = j8, x9 = j9, x10 = j10, x11 = j11, x12 = j12, x13 = j13, x14 = j14,
14552
- x15 = j15, u;
14553
-
14554
- for (var i = 0; i < 20; i += 2) {
14555
- u = x0 + x12 | 0;
14556
- x4 ^= u<<7 | u>>>(32-7);
14557
- u = x4 + x0 | 0;
14558
- x8 ^= u<<9 | u>>>(32-9);
14559
- u = x8 + x4 | 0;
14560
- x12 ^= u<<13 | u>>>(32-13);
14561
- u = x12 + x8 | 0;
14562
- x0 ^= u<<18 | u>>>(32-18);
14563
-
14564
- u = x5 + x1 | 0;
14565
- x9 ^= u<<7 | u>>>(32-7);
14566
- u = x9 + x5 | 0;
14567
- x13 ^= u<<9 | u>>>(32-9);
14568
- u = x13 + x9 | 0;
14569
- x1 ^= u<<13 | u>>>(32-13);
14570
- u = x1 + x13 | 0;
14571
- x5 ^= u<<18 | u>>>(32-18);
14572
-
14573
- u = x10 + x6 | 0;
14574
- x14 ^= u<<7 | u>>>(32-7);
14575
- u = x14 + x10 | 0;
14576
- x2 ^= u<<9 | u>>>(32-9);
14577
- u = x2 + x14 | 0;
14578
- x6 ^= u<<13 | u>>>(32-13);
14579
- u = x6 + x2 | 0;
14580
- x10 ^= u<<18 | u>>>(32-18);
14581
-
14582
- u = x15 + x11 | 0;
14583
- x3 ^= u<<7 | u>>>(32-7);
14584
- u = x3 + x15 | 0;
14585
- x7 ^= u<<9 | u>>>(32-9);
14586
- u = x7 + x3 | 0;
14587
- x11 ^= u<<13 | u>>>(32-13);
14588
- u = x11 + x7 | 0;
14589
- x15 ^= u<<18 | u>>>(32-18);
14590
-
14591
- u = x0 + x3 | 0;
14592
- x1 ^= u<<7 | u>>>(32-7);
14593
- u = x1 + x0 | 0;
14594
- x2 ^= u<<9 | u>>>(32-9);
14595
- u = x2 + x1 | 0;
14596
- x3 ^= u<<13 | u>>>(32-13);
14597
- u = x3 + x2 | 0;
14598
- x0 ^= u<<18 | u>>>(32-18);
14599
-
14600
- u = x5 + x4 | 0;
14601
- x6 ^= u<<7 | u>>>(32-7);
14602
- u = x6 + x5 | 0;
14603
- x7 ^= u<<9 | u>>>(32-9);
14604
- u = x7 + x6 | 0;
14605
- x4 ^= u<<13 | u>>>(32-13);
14606
- u = x4 + x7 | 0;
14607
- x5 ^= u<<18 | u>>>(32-18);
14608
-
14609
- u = x10 + x9 | 0;
14610
- x11 ^= u<<7 | u>>>(32-7);
14611
- u = x11 + x10 | 0;
14612
- x8 ^= u<<9 | u>>>(32-9);
14613
- u = x8 + x11 | 0;
14614
- x9 ^= u<<13 | u>>>(32-13);
14615
- u = x9 + x8 | 0;
14616
- x10 ^= u<<18 | u>>>(32-18);
14617
-
14618
- u = x15 + x14 | 0;
14619
- x12 ^= u<<7 | u>>>(32-7);
14620
- u = x12 + x15 | 0;
14621
- x13 ^= u<<9 | u>>>(32-9);
14622
- u = x13 + x12 | 0;
14623
- x14 ^= u<<13 | u>>>(32-13);
14624
- u = x14 + x13 | 0;
14625
- x15 ^= u<<18 | u>>>(32-18);
14626
- }
14627
- x0 = x0 + j0 | 0;
14628
- x1 = x1 + j1 | 0;
14629
- x2 = x2 + j2 | 0;
14630
- x3 = x3 + j3 | 0;
14631
- x4 = x4 + j4 | 0;
14632
- x5 = x5 + j5 | 0;
14633
- x6 = x6 + j6 | 0;
14634
- x7 = x7 + j7 | 0;
14635
- x8 = x8 + j8 | 0;
14636
- x9 = x9 + j9 | 0;
14637
- x10 = x10 + j10 | 0;
14638
- x11 = x11 + j11 | 0;
14639
- x12 = x12 + j12 | 0;
14640
- x13 = x13 + j13 | 0;
14641
- x14 = x14 + j14 | 0;
14642
- x15 = x15 + j15 | 0;
14643
-
14644
- o[ 0] = x0 >>> 0 & 0xff;
14645
- o[ 1] = x0 >>> 8 & 0xff;
14646
- o[ 2] = x0 >>> 16 & 0xff;
14647
- o[ 3] = x0 >>> 24 & 0xff;
14648
-
14649
- o[ 4] = x1 >>> 0 & 0xff;
14650
- o[ 5] = x1 >>> 8 & 0xff;
14651
- o[ 6] = x1 >>> 16 & 0xff;
14652
- o[ 7] = x1 >>> 24 & 0xff;
14653
-
14654
- o[ 8] = x2 >>> 0 & 0xff;
14655
- o[ 9] = x2 >>> 8 & 0xff;
14656
- o[10] = x2 >>> 16 & 0xff;
14657
- o[11] = x2 >>> 24 & 0xff;
14658
-
14659
- o[12] = x3 >>> 0 & 0xff;
14660
- o[13] = x3 >>> 8 & 0xff;
14661
- o[14] = x3 >>> 16 & 0xff;
14662
- o[15] = x3 >>> 24 & 0xff;
14663
-
14664
- o[16] = x4 >>> 0 & 0xff;
14665
- o[17] = x4 >>> 8 & 0xff;
14666
- o[18] = x4 >>> 16 & 0xff;
14667
- o[19] = x4 >>> 24 & 0xff;
14668
-
14669
- o[20] = x5 >>> 0 & 0xff;
14670
- o[21] = x5 >>> 8 & 0xff;
14671
- o[22] = x5 >>> 16 & 0xff;
14672
- o[23] = x5 >>> 24 & 0xff;
14673
-
14674
- o[24] = x6 >>> 0 & 0xff;
14675
- o[25] = x6 >>> 8 & 0xff;
14676
- o[26] = x6 >>> 16 & 0xff;
14677
- o[27] = x6 >>> 24 & 0xff;
14678
-
14679
- o[28] = x7 >>> 0 & 0xff;
14680
- o[29] = x7 >>> 8 & 0xff;
14681
- o[30] = x7 >>> 16 & 0xff;
14682
- o[31] = x7 >>> 24 & 0xff;
14683
-
14684
- o[32] = x8 >>> 0 & 0xff;
14685
- o[33] = x8 >>> 8 & 0xff;
14686
- o[34] = x8 >>> 16 & 0xff;
14687
- o[35] = x8 >>> 24 & 0xff;
14688
-
14689
- o[36] = x9 >>> 0 & 0xff;
14690
- o[37] = x9 >>> 8 & 0xff;
14691
- o[38] = x9 >>> 16 & 0xff;
14692
- o[39] = x9 >>> 24 & 0xff;
14693
-
14694
- o[40] = x10 >>> 0 & 0xff;
14695
- o[41] = x10 >>> 8 & 0xff;
14696
- o[42] = x10 >>> 16 & 0xff;
14697
- o[43] = x10 >>> 24 & 0xff;
14698
-
14699
- o[44] = x11 >>> 0 & 0xff;
14700
- o[45] = x11 >>> 8 & 0xff;
14701
- o[46] = x11 >>> 16 & 0xff;
14702
- o[47] = x11 >>> 24 & 0xff;
14703
-
14704
- o[48] = x12 >>> 0 & 0xff;
14705
- o[49] = x12 >>> 8 & 0xff;
14706
- o[50] = x12 >>> 16 & 0xff;
14707
- o[51] = x12 >>> 24 & 0xff;
14708
-
14709
- o[52] = x13 >>> 0 & 0xff;
14710
- o[53] = x13 >>> 8 & 0xff;
14711
- o[54] = x13 >>> 16 & 0xff;
14712
- o[55] = x13 >>> 24 & 0xff;
14713
-
14714
- o[56] = x14 >>> 0 & 0xff;
14715
- o[57] = x14 >>> 8 & 0xff;
14716
- o[58] = x14 >>> 16 & 0xff;
14717
- o[59] = x14 >>> 24 & 0xff;
14718
-
14719
- o[60] = x15 >>> 0 & 0xff;
14720
- o[61] = x15 >>> 8 & 0xff;
14721
- o[62] = x15 >>> 16 & 0xff;
14722
- o[63] = x15 >>> 24 & 0xff;
14723
- }
14724
-
14725
- function core_hsalsa20(o,p,k,c) {
14726
- var j0 = c[ 0] & 0xff | (c[ 1] & 0xff)<<8 | (c[ 2] & 0xff)<<16 | (c[ 3] & 0xff)<<24,
14727
- j1 = k[ 0] & 0xff | (k[ 1] & 0xff)<<8 | (k[ 2] & 0xff)<<16 | (k[ 3] & 0xff)<<24,
14728
- j2 = k[ 4] & 0xff | (k[ 5] & 0xff)<<8 | (k[ 6] & 0xff)<<16 | (k[ 7] & 0xff)<<24,
14729
- j3 = k[ 8] & 0xff | (k[ 9] & 0xff)<<8 | (k[10] & 0xff)<<16 | (k[11] & 0xff)<<24,
14730
- j4 = k[12] & 0xff | (k[13] & 0xff)<<8 | (k[14] & 0xff)<<16 | (k[15] & 0xff)<<24,
14731
- j5 = c[ 4] & 0xff | (c[ 5] & 0xff)<<8 | (c[ 6] & 0xff)<<16 | (c[ 7] & 0xff)<<24,
14732
- j6 = p[ 0] & 0xff | (p[ 1] & 0xff)<<8 | (p[ 2] & 0xff)<<16 | (p[ 3] & 0xff)<<24,
14733
- j7 = p[ 4] & 0xff | (p[ 5] & 0xff)<<8 | (p[ 6] & 0xff)<<16 | (p[ 7] & 0xff)<<24,
14734
- j8 = p[ 8] & 0xff | (p[ 9] & 0xff)<<8 | (p[10] & 0xff)<<16 | (p[11] & 0xff)<<24,
14735
- j9 = p[12] & 0xff | (p[13] & 0xff)<<8 | (p[14] & 0xff)<<16 | (p[15] & 0xff)<<24,
14736
- j10 = c[ 8] & 0xff | (c[ 9] & 0xff)<<8 | (c[10] & 0xff)<<16 | (c[11] & 0xff)<<24,
14737
- j11 = k[16] & 0xff | (k[17] & 0xff)<<8 | (k[18] & 0xff)<<16 | (k[19] & 0xff)<<24,
14738
- j12 = k[20] & 0xff | (k[21] & 0xff)<<8 | (k[22] & 0xff)<<16 | (k[23] & 0xff)<<24,
14739
- j13 = k[24] & 0xff | (k[25] & 0xff)<<8 | (k[26] & 0xff)<<16 | (k[27] & 0xff)<<24,
14740
- j14 = k[28] & 0xff | (k[29] & 0xff)<<8 | (k[30] & 0xff)<<16 | (k[31] & 0xff)<<24,
14741
- j15 = c[12] & 0xff | (c[13] & 0xff)<<8 | (c[14] & 0xff)<<16 | (c[15] & 0xff)<<24;
14742
-
14743
- var x0 = j0, x1 = j1, x2 = j2, x3 = j3, x4 = j4, x5 = j5, x6 = j6, x7 = j7,
14744
- x8 = j8, x9 = j9, x10 = j10, x11 = j11, x12 = j12, x13 = j13, x14 = j14,
14745
- x15 = j15, u;
14746
-
14747
- for (var i = 0; i < 20; i += 2) {
14748
- u = x0 + x12 | 0;
14749
- x4 ^= u<<7 | u>>>(32-7);
14750
- u = x4 + x0 | 0;
14751
- x8 ^= u<<9 | u>>>(32-9);
14752
- u = x8 + x4 | 0;
14753
- x12 ^= u<<13 | u>>>(32-13);
14754
- u = x12 + x8 | 0;
14755
- x0 ^= u<<18 | u>>>(32-18);
14756
-
14757
- u = x5 + x1 | 0;
14758
- x9 ^= u<<7 | u>>>(32-7);
14759
- u = x9 + x5 | 0;
14760
- x13 ^= u<<9 | u>>>(32-9);
14761
- u = x13 + x9 | 0;
14762
- x1 ^= u<<13 | u>>>(32-13);
14763
- u = x1 + x13 | 0;
14764
- x5 ^= u<<18 | u>>>(32-18);
14765
-
14766
- u = x10 + x6 | 0;
14767
- x14 ^= u<<7 | u>>>(32-7);
14768
- u = x14 + x10 | 0;
14769
- x2 ^= u<<9 | u>>>(32-9);
14770
- u = x2 + x14 | 0;
14771
- x6 ^= u<<13 | u>>>(32-13);
14772
- u = x6 + x2 | 0;
14773
- x10 ^= u<<18 | u>>>(32-18);
14774
-
14775
- u = x15 + x11 | 0;
14776
- x3 ^= u<<7 | u>>>(32-7);
14777
- u = x3 + x15 | 0;
14778
- x7 ^= u<<9 | u>>>(32-9);
14779
- u = x7 + x3 | 0;
14780
- x11 ^= u<<13 | u>>>(32-13);
14781
- u = x11 + x7 | 0;
14782
- x15 ^= u<<18 | u>>>(32-18);
14783
-
14784
- u = x0 + x3 | 0;
14785
- x1 ^= u<<7 | u>>>(32-7);
14786
- u = x1 + x0 | 0;
14787
- x2 ^= u<<9 | u>>>(32-9);
14788
- u = x2 + x1 | 0;
14789
- x3 ^= u<<13 | u>>>(32-13);
14790
- u = x3 + x2 | 0;
14791
- x0 ^= u<<18 | u>>>(32-18);
14792
-
14793
- u = x5 + x4 | 0;
14794
- x6 ^= u<<7 | u>>>(32-7);
14795
- u = x6 + x5 | 0;
14796
- x7 ^= u<<9 | u>>>(32-9);
14797
- u = x7 + x6 | 0;
14798
- x4 ^= u<<13 | u>>>(32-13);
14799
- u = x4 + x7 | 0;
14800
- x5 ^= u<<18 | u>>>(32-18);
14801
-
14802
- u = x10 + x9 | 0;
14803
- x11 ^= u<<7 | u>>>(32-7);
14804
- u = x11 + x10 | 0;
14805
- x8 ^= u<<9 | u>>>(32-9);
14806
- u = x8 + x11 | 0;
14807
- x9 ^= u<<13 | u>>>(32-13);
14808
- u = x9 + x8 | 0;
14809
- x10 ^= u<<18 | u>>>(32-18);
14810
-
14811
- u = x15 + x14 | 0;
14812
- x12 ^= u<<7 | u>>>(32-7);
14813
- u = x12 + x15 | 0;
14814
- x13 ^= u<<9 | u>>>(32-9);
14815
- u = x13 + x12 | 0;
14816
- x14 ^= u<<13 | u>>>(32-13);
14817
- u = x14 + x13 | 0;
14818
- x15 ^= u<<18 | u>>>(32-18);
14819
- }
14820
-
14821
- o[ 0] = x0 >>> 0 & 0xff;
14822
- o[ 1] = x0 >>> 8 & 0xff;
14823
- o[ 2] = x0 >>> 16 & 0xff;
14824
- o[ 3] = x0 >>> 24 & 0xff;
14825
-
14826
- o[ 4] = x5 >>> 0 & 0xff;
14827
- o[ 5] = x5 >>> 8 & 0xff;
14828
- o[ 6] = x5 >>> 16 & 0xff;
14829
- o[ 7] = x5 >>> 24 & 0xff;
14830
-
14831
- o[ 8] = x10 >>> 0 & 0xff;
14832
- o[ 9] = x10 >>> 8 & 0xff;
14833
- o[10] = x10 >>> 16 & 0xff;
14834
- o[11] = x10 >>> 24 & 0xff;
14835
-
14836
- o[12] = x15 >>> 0 & 0xff;
14837
- o[13] = x15 >>> 8 & 0xff;
14838
- o[14] = x15 >>> 16 & 0xff;
14839
- o[15] = x15 >>> 24 & 0xff;
14840
-
14841
- o[16] = x6 >>> 0 & 0xff;
14842
- o[17] = x6 >>> 8 & 0xff;
14843
- o[18] = x6 >>> 16 & 0xff;
14844
- o[19] = x6 >>> 24 & 0xff;
14845
-
14846
- o[20] = x7 >>> 0 & 0xff;
14847
- o[21] = x7 >>> 8 & 0xff;
14848
- o[22] = x7 >>> 16 & 0xff;
14849
- o[23] = x7 >>> 24 & 0xff;
14850
-
14851
- o[24] = x8 >>> 0 & 0xff;
14852
- o[25] = x8 >>> 8 & 0xff;
14853
- o[26] = x8 >>> 16 & 0xff;
14854
- o[27] = x8 >>> 24 & 0xff;
14855
-
14856
- o[28] = x9 >>> 0 & 0xff;
14857
- o[29] = x9 >>> 8 & 0xff;
14858
- o[30] = x9 >>> 16 & 0xff;
14859
- o[31] = x9 >>> 24 & 0xff;
14860
- }
14861
-
14862
- function crypto_core_salsa20(out,inp,k,c) {
14863
- core_salsa20(out,inp,k,c);
14864
- }
14865
-
14866
- function crypto_core_hsalsa20(out,inp,k,c) {
14867
- core_hsalsa20(out,inp,k,c);
14868
- }
14869
-
14870
- var sigma = new Uint8Array([101, 120, 112, 97, 110, 100, 32, 51, 50, 45, 98, 121, 116, 101, 32, 107]);
14871
- // "expand 32-byte k"
14872
-
14873
- function crypto_stream_salsa20_xor(c,cpos,m,mpos,b,n,k) {
14874
- var z = new Uint8Array(16), x = new Uint8Array(64);
14875
- var u, i;
14876
- for (i = 0; i < 16; i++) z[i] = 0;
14877
- for (i = 0; i < 8; i++) z[i] = n[i];
14878
- while (b >= 64) {
14879
- crypto_core_salsa20(x,z,k,sigma);
14880
- for (i = 0; i < 64; i++) c[cpos+i] = m[mpos+i] ^ x[i];
14881
- u = 1;
14882
- for (i = 8; i < 16; i++) {
14883
- u = u + (z[i] & 0xff) | 0;
14884
- z[i] = u & 0xff;
14885
- u >>>= 8;
14886
- }
14887
- b -= 64;
14888
- cpos += 64;
14889
- mpos += 64;
14890
- }
14891
- if (b > 0) {
14892
- crypto_core_salsa20(x,z,k,sigma);
14893
- for (i = 0; i < b; i++) c[cpos+i] = m[mpos+i] ^ x[i];
14894
- }
14895
- return 0;
14896
- }
14897
-
14898
- function crypto_stream_salsa20(c,cpos,b,n,k) {
14899
- var z = new Uint8Array(16), x = new Uint8Array(64);
14900
- var u, i;
14901
- for (i = 0; i < 16; i++) z[i] = 0;
14902
- for (i = 0; i < 8; i++) z[i] = n[i];
14903
- while (b >= 64) {
14904
- crypto_core_salsa20(x,z,k,sigma);
14905
- for (i = 0; i < 64; i++) c[cpos+i] = x[i];
14906
- u = 1;
14907
- for (i = 8; i < 16; i++) {
14908
- u = u + (z[i] & 0xff) | 0;
14909
- z[i] = u & 0xff;
14910
- u >>>= 8;
14911
- }
14912
- b -= 64;
14913
- cpos += 64;
14914
- }
14915
- if (b > 0) {
14916
- crypto_core_salsa20(x,z,k,sigma);
14917
- for (i = 0; i < b; i++) c[cpos+i] = x[i];
14918
- }
14919
- return 0;
14920
- }
14921
-
14922
- function crypto_stream(c,cpos,d,n,k) {
14923
- var s = new Uint8Array(32);
14924
- crypto_core_hsalsa20(s,n,k,sigma);
14925
- var sn = new Uint8Array(8);
14926
- for (var i = 0; i < 8; i++) sn[i] = n[i+16];
14927
- return crypto_stream_salsa20(c,cpos,d,sn,s);
14928
- }
14929
-
14930
- function crypto_stream_xor(c,cpos,m,mpos,d,n,k) {
14931
- var s = new Uint8Array(32);
14932
- crypto_core_hsalsa20(s,n,k,sigma);
14933
- var sn = new Uint8Array(8);
14934
- for (var i = 0; i < 8; i++) sn[i] = n[i+16];
14935
- return crypto_stream_salsa20_xor(c,cpos,m,mpos,d,sn,s);
14936
- }
14937
-
14938
- /*
14939
- * Port of Andrew Moon's Poly1305-donna-16. Public domain.
14940
- * https://github.com/floodyberry/poly1305-donna
14941
- */
14942
-
14943
- var poly1305 = function(key) {
14944
- this.buffer = new Uint8Array(16);
14945
- this.r = new Uint16Array(10);
14946
- this.h = new Uint16Array(10);
14947
- this.pad = new Uint16Array(8);
14948
- this.leftover = 0;
14949
- this.fin = 0;
14950
-
14951
- var t0, t1, t2, t3, t4, t5, t6, t7;
14952
-
14953
- t0 = key[ 0] & 0xff | (key[ 1] & 0xff) << 8; this.r[0] = ( t0 ) & 0x1fff;
14954
- t1 = key[ 2] & 0xff | (key[ 3] & 0xff) << 8; this.r[1] = ((t0 >>> 13) | (t1 << 3)) & 0x1fff;
14955
- t2 = key[ 4] & 0xff | (key[ 5] & 0xff) << 8; this.r[2] = ((t1 >>> 10) | (t2 << 6)) & 0x1f03;
14956
- t3 = key[ 6] & 0xff | (key[ 7] & 0xff) << 8; this.r[3] = ((t2 >>> 7) | (t3 << 9)) & 0x1fff;
14957
- t4 = key[ 8] & 0xff | (key[ 9] & 0xff) << 8; this.r[4] = ((t3 >>> 4) | (t4 << 12)) & 0x00ff;
14958
- this.r[5] = ((t4 >>> 1)) & 0x1ffe;
14959
- t5 = key[10] & 0xff | (key[11] & 0xff) << 8; this.r[6] = ((t4 >>> 14) | (t5 << 2)) & 0x1fff;
14960
- t6 = key[12] & 0xff | (key[13] & 0xff) << 8; this.r[7] = ((t5 >>> 11) | (t6 << 5)) & 0x1f81;
14961
- t7 = key[14] & 0xff | (key[15] & 0xff) << 8; this.r[8] = ((t6 >>> 8) | (t7 << 8)) & 0x1fff;
14962
- this.r[9] = ((t7 >>> 5)) & 0x007f;
14963
-
14964
- this.pad[0] = key[16] & 0xff | (key[17] & 0xff) << 8;
14965
- this.pad[1] = key[18] & 0xff | (key[19] & 0xff) << 8;
14966
- this.pad[2] = key[20] & 0xff | (key[21] & 0xff) << 8;
14967
- this.pad[3] = key[22] & 0xff | (key[23] & 0xff) << 8;
14968
- this.pad[4] = key[24] & 0xff | (key[25] & 0xff) << 8;
14969
- this.pad[5] = key[26] & 0xff | (key[27] & 0xff) << 8;
14970
- this.pad[6] = key[28] & 0xff | (key[29] & 0xff) << 8;
14971
- this.pad[7] = key[30] & 0xff | (key[31] & 0xff) << 8;
14972
- };
14973
-
14974
- poly1305.prototype.blocks = function(m, mpos, bytes) {
14975
- var hibit = this.fin ? 0 : (1 << 11);
14976
- var t0, t1, t2, t3, t4, t5, t6, t7, c;
14977
- var d0, d1, d2, d3, d4, d5, d6, d7, d8, d9;
14978
-
14979
- var h0 = this.h[0],
14980
- h1 = this.h[1],
14981
- h2 = this.h[2],
14982
- h3 = this.h[3],
14983
- h4 = this.h[4],
14984
- h5 = this.h[5],
14985
- h6 = this.h[6],
14986
- h7 = this.h[7],
14987
- h8 = this.h[8],
14988
- h9 = this.h[9];
14989
-
14990
- var r0 = this.r[0],
14991
- r1 = this.r[1],
14992
- r2 = this.r[2],
14993
- r3 = this.r[3],
14994
- r4 = this.r[4],
14995
- r5 = this.r[5],
14996
- r6 = this.r[6],
14997
- r7 = this.r[7],
14998
- r8 = this.r[8],
14999
- r9 = this.r[9];
15000
-
15001
- while (bytes >= 16) {
15002
- t0 = m[mpos+ 0] & 0xff | (m[mpos+ 1] & 0xff) << 8; h0 += ( t0 ) & 0x1fff;
15003
- t1 = m[mpos+ 2] & 0xff | (m[mpos+ 3] & 0xff) << 8; h1 += ((t0 >>> 13) | (t1 << 3)) & 0x1fff;
15004
- t2 = m[mpos+ 4] & 0xff | (m[mpos+ 5] & 0xff) << 8; h2 += ((t1 >>> 10) | (t2 << 6)) & 0x1fff;
15005
- t3 = m[mpos+ 6] & 0xff | (m[mpos+ 7] & 0xff) << 8; h3 += ((t2 >>> 7) | (t3 << 9)) & 0x1fff;
15006
- t4 = m[mpos+ 8] & 0xff | (m[mpos+ 9] & 0xff) << 8; h4 += ((t3 >>> 4) | (t4 << 12)) & 0x1fff;
15007
- h5 += ((t4 >>> 1)) & 0x1fff;
15008
- t5 = m[mpos+10] & 0xff | (m[mpos+11] & 0xff) << 8; h6 += ((t4 >>> 14) | (t5 << 2)) & 0x1fff;
15009
- t6 = m[mpos+12] & 0xff | (m[mpos+13] & 0xff) << 8; h7 += ((t5 >>> 11) | (t6 << 5)) & 0x1fff;
15010
- t7 = m[mpos+14] & 0xff | (m[mpos+15] & 0xff) << 8; h8 += ((t6 >>> 8) | (t7 << 8)) & 0x1fff;
15011
- h9 += ((t7 >>> 5)) | hibit;
15012
-
15013
- c = 0;
15014
-
15015
- d0 = c;
15016
- d0 += h0 * r0;
15017
- d0 += h1 * (5 * r9);
15018
- d0 += h2 * (5 * r8);
15019
- d0 += h3 * (5 * r7);
15020
- d0 += h4 * (5 * r6);
15021
- c = (d0 >>> 13); d0 &= 0x1fff;
15022
- d0 += h5 * (5 * r5);
15023
- d0 += h6 * (5 * r4);
15024
- d0 += h7 * (5 * r3);
15025
- d0 += h8 * (5 * r2);
15026
- d0 += h9 * (5 * r1);
15027
- c += (d0 >>> 13); d0 &= 0x1fff;
15028
-
15029
- d1 = c;
15030
- d1 += h0 * r1;
15031
- d1 += h1 * r0;
15032
- d1 += h2 * (5 * r9);
15033
- d1 += h3 * (5 * r8);
15034
- d1 += h4 * (5 * r7);
15035
- c = (d1 >>> 13); d1 &= 0x1fff;
15036
- d1 += h5 * (5 * r6);
15037
- d1 += h6 * (5 * r5);
15038
- d1 += h7 * (5 * r4);
15039
- d1 += h8 * (5 * r3);
15040
- d1 += h9 * (5 * r2);
15041
- c += (d1 >>> 13); d1 &= 0x1fff;
15042
-
15043
- d2 = c;
15044
- d2 += h0 * r2;
15045
- d2 += h1 * r1;
15046
- d2 += h2 * r0;
15047
- d2 += h3 * (5 * r9);
15048
- d2 += h4 * (5 * r8);
15049
- c = (d2 >>> 13); d2 &= 0x1fff;
15050
- d2 += h5 * (5 * r7);
15051
- d2 += h6 * (5 * r6);
15052
- d2 += h7 * (5 * r5);
15053
- d2 += h8 * (5 * r4);
15054
- d2 += h9 * (5 * r3);
15055
- c += (d2 >>> 13); d2 &= 0x1fff;
15056
-
15057
- d3 = c;
15058
- d3 += h0 * r3;
15059
- d3 += h1 * r2;
15060
- d3 += h2 * r1;
15061
- d3 += h3 * r0;
15062
- d3 += h4 * (5 * r9);
15063
- c = (d3 >>> 13); d3 &= 0x1fff;
15064
- d3 += h5 * (5 * r8);
15065
- d3 += h6 * (5 * r7);
15066
- d3 += h7 * (5 * r6);
15067
- d3 += h8 * (5 * r5);
15068
- d3 += h9 * (5 * r4);
15069
- c += (d3 >>> 13); d3 &= 0x1fff;
15070
-
15071
- d4 = c;
15072
- d4 += h0 * r4;
15073
- d4 += h1 * r3;
15074
- d4 += h2 * r2;
15075
- d4 += h3 * r1;
15076
- d4 += h4 * r0;
15077
- c = (d4 >>> 13); d4 &= 0x1fff;
15078
- d4 += h5 * (5 * r9);
15079
- d4 += h6 * (5 * r8);
15080
- d4 += h7 * (5 * r7);
15081
- d4 += h8 * (5 * r6);
15082
- d4 += h9 * (5 * r5);
15083
- c += (d4 >>> 13); d4 &= 0x1fff;
15084
-
15085
- d5 = c;
15086
- d5 += h0 * r5;
15087
- d5 += h1 * r4;
15088
- d5 += h2 * r3;
15089
- d5 += h3 * r2;
15090
- d5 += h4 * r1;
15091
- c = (d5 >>> 13); d5 &= 0x1fff;
15092
- d5 += h5 * r0;
15093
- d5 += h6 * (5 * r9);
15094
- d5 += h7 * (5 * r8);
15095
- d5 += h8 * (5 * r7);
15096
- d5 += h9 * (5 * r6);
15097
- c += (d5 >>> 13); d5 &= 0x1fff;
15098
-
15099
- d6 = c;
15100
- d6 += h0 * r6;
15101
- d6 += h1 * r5;
15102
- d6 += h2 * r4;
15103
- d6 += h3 * r3;
15104
- d6 += h4 * r2;
15105
- c = (d6 >>> 13); d6 &= 0x1fff;
15106
- d6 += h5 * r1;
15107
- d6 += h6 * r0;
15108
- d6 += h7 * (5 * r9);
15109
- d6 += h8 * (5 * r8);
15110
- d6 += h9 * (5 * r7);
15111
- c += (d6 >>> 13); d6 &= 0x1fff;
15112
-
15113
- d7 = c;
15114
- d7 += h0 * r7;
15115
- d7 += h1 * r6;
15116
- d7 += h2 * r5;
15117
- d7 += h3 * r4;
15118
- d7 += h4 * r3;
15119
- c = (d7 >>> 13); d7 &= 0x1fff;
15120
- d7 += h5 * r2;
15121
- d7 += h6 * r1;
15122
- d7 += h7 * r0;
15123
- d7 += h8 * (5 * r9);
15124
- d7 += h9 * (5 * r8);
15125
- c += (d7 >>> 13); d7 &= 0x1fff;
15126
-
15127
- d8 = c;
15128
- d8 += h0 * r8;
15129
- d8 += h1 * r7;
15130
- d8 += h2 * r6;
15131
- d8 += h3 * r5;
15132
- d8 += h4 * r4;
15133
- c = (d8 >>> 13); d8 &= 0x1fff;
15134
- d8 += h5 * r3;
15135
- d8 += h6 * r2;
15136
- d8 += h7 * r1;
15137
- d8 += h8 * r0;
15138
- d8 += h9 * (5 * r9);
15139
- c += (d8 >>> 13); d8 &= 0x1fff;
15140
-
15141
- d9 = c;
15142
- d9 += h0 * r9;
15143
- d9 += h1 * r8;
15144
- d9 += h2 * r7;
15145
- d9 += h3 * r6;
15146
- d9 += h4 * r5;
15147
- c = (d9 >>> 13); d9 &= 0x1fff;
15148
- d9 += h5 * r4;
15149
- d9 += h6 * r3;
15150
- d9 += h7 * r2;
15151
- d9 += h8 * r1;
15152
- d9 += h9 * r0;
15153
- c += (d9 >>> 13); d9 &= 0x1fff;
15154
-
15155
- c = (((c << 2) + c)) | 0;
15156
- c = (c + d0) | 0;
15157
- d0 = c & 0x1fff;
15158
- c = (c >>> 13);
15159
- d1 += c;
15160
-
15161
- h0 = d0;
15162
- h1 = d1;
15163
- h2 = d2;
15164
- h3 = d3;
15165
- h4 = d4;
15166
- h5 = d5;
15167
- h6 = d6;
15168
- h7 = d7;
15169
- h8 = d8;
15170
- h9 = d9;
15171
-
15172
- mpos += 16;
15173
- bytes -= 16;
15174
- }
15175
- this.h[0] = h0;
15176
- this.h[1] = h1;
15177
- this.h[2] = h2;
15178
- this.h[3] = h3;
15179
- this.h[4] = h4;
15180
- this.h[5] = h5;
15181
- this.h[6] = h6;
15182
- this.h[7] = h7;
15183
- this.h[8] = h8;
15184
- this.h[9] = h9;
15185
- };
15186
-
15187
- poly1305.prototype.finish = function(mac, macpos) {
15188
- var g = new Uint16Array(10);
15189
- var c, mask, f, i;
15190
-
15191
- if (this.leftover) {
15192
- i = this.leftover;
15193
- this.buffer[i++] = 1;
15194
- for (; i < 16; i++) this.buffer[i] = 0;
15195
- this.fin = 1;
15196
- this.blocks(this.buffer, 0, 16);
15197
- }
15198
-
15199
- c = this.h[1] >>> 13;
15200
- this.h[1] &= 0x1fff;
15201
- for (i = 2; i < 10; i++) {
15202
- this.h[i] += c;
15203
- c = this.h[i] >>> 13;
15204
- this.h[i] &= 0x1fff;
15205
- }
15206
- this.h[0] += (c * 5);
15207
- c = this.h[0] >>> 13;
15208
- this.h[0] &= 0x1fff;
15209
- this.h[1] += c;
15210
- c = this.h[1] >>> 13;
15211
- this.h[1] &= 0x1fff;
15212
- this.h[2] += c;
15213
-
15214
- g[0] = this.h[0] + 5;
15215
- c = g[0] >>> 13;
15216
- g[0] &= 0x1fff;
15217
- for (i = 1; i < 10; i++) {
15218
- g[i] = this.h[i] + c;
15219
- c = g[i] >>> 13;
15220
- g[i] &= 0x1fff;
15221
- }
15222
- g[9] -= (1 << 13);
15223
-
15224
- mask = (c ^ 1) - 1;
15225
- for (i = 0; i < 10; i++) g[i] &= mask;
15226
- mask = ~mask;
15227
- for (i = 0; i < 10; i++) this.h[i] = (this.h[i] & mask) | g[i];
15228
-
15229
- this.h[0] = ((this.h[0] ) | (this.h[1] << 13) ) & 0xffff;
15230
- this.h[1] = ((this.h[1] >>> 3) | (this.h[2] << 10) ) & 0xffff;
15231
- this.h[2] = ((this.h[2] >>> 6) | (this.h[3] << 7) ) & 0xffff;
15232
- this.h[3] = ((this.h[3] >>> 9) | (this.h[4] << 4) ) & 0xffff;
15233
- this.h[4] = ((this.h[4] >>> 12) | (this.h[5] << 1) | (this.h[6] << 14)) & 0xffff;
15234
- this.h[5] = ((this.h[6] >>> 2) | (this.h[7] << 11) ) & 0xffff;
15235
- this.h[6] = ((this.h[7] >>> 5) | (this.h[8] << 8) ) & 0xffff;
15236
- this.h[7] = ((this.h[8] >>> 8) | (this.h[9] << 5) ) & 0xffff;
15237
-
15238
- f = this.h[0] + this.pad[0];
15239
- this.h[0] = f & 0xffff;
15240
- for (i = 1; i < 8; i++) {
15241
- f = (((this.h[i] + this.pad[i]) | 0) + (f >>> 16)) | 0;
15242
- this.h[i] = f & 0xffff;
15243
- }
15244
-
15245
- mac[macpos+ 0] = (this.h[0] >>> 0) & 0xff;
15246
- mac[macpos+ 1] = (this.h[0] >>> 8) & 0xff;
15247
- mac[macpos+ 2] = (this.h[1] >>> 0) & 0xff;
15248
- mac[macpos+ 3] = (this.h[1] >>> 8) & 0xff;
15249
- mac[macpos+ 4] = (this.h[2] >>> 0) & 0xff;
15250
- mac[macpos+ 5] = (this.h[2] >>> 8) & 0xff;
15251
- mac[macpos+ 6] = (this.h[3] >>> 0) & 0xff;
15252
- mac[macpos+ 7] = (this.h[3] >>> 8) & 0xff;
15253
- mac[macpos+ 8] = (this.h[4] >>> 0) & 0xff;
15254
- mac[macpos+ 9] = (this.h[4] >>> 8) & 0xff;
15255
- mac[macpos+10] = (this.h[5] >>> 0) & 0xff;
15256
- mac[macpos+11] = (this.h[5] >>> 8) & 0xff;
15257
- mac[macpos+12] = (this.h[6] >>> 0) & 0xff;
15258
- mac[macpos+13] = (this.h[6] >>> 8) & 0xff;
15259
- mac[macpos+14] = (this.h[7] >>> 0) & 0xff;
15260
- mac[macpos+15] = (this.h[7] >>> 8) & 0xff;
15261
- };
15262
-
15263
- poly1305.prototype.update = function(m, mpos, bytes) {
15264
- var i, want;
15265
-
15266
- if (this.leftover) {
15267
- want = (16 - this.leftover);
15268
- if (want > bytes)
15269
- want = bytes;
15270
- for (i = 0; i < want; i++)
15271
- this.buffer[this.leftover + i] = m[mpos+i];
15272
- bytes -= want;
15273
- mpos += want;
15274
- this.leftover += want;
15275
- if (this.leftover < 16)
15276
- return;
15277
- this.blocks(this.buffer, 0, 16);
15278
- this.leftover = 0;
15279
- }
15280
-
15281
- if (bytes >= 16) {
15282
- want = bytes - (bytes % 16);
15283
- this.blocks(m, mpos, want);
15284
- mpos += want;
15285
- bytes -= want;
15286
- }
15287
-
15288
- if (bytes) {
15289
- for (i = 0; i < bytes; i++)
15290
- this.buffer[this.leftover + i] = m[mpos+i];
15291
- this.leftover += bytes;
15292
- }
15293
- };
15294
-
15295
- function crypto_onetimeauth(out, outpos, m, mpos, n, k) {
15296
- var s = new poly1305(k);
15297
- s.update(m, mpos, n);
15298
- s.finish(out, outpos);
15299
- return 0;
15300
- }
15301
-
15302
- function crypto_onetimeauth_verify(h, hpos, m, mpos, n, k) {
15303
- var x = new Uint8Array(16);
15304
- crypto_onetimeauth(x,0,m,mpos,n,k);
15305
- return crypto_verify_16(h,hpos,x,0);
15306
- }
15307
-
15308
- function crypto_secretbox(c,m,d,n,k) {
15309
- var i;
15310
- if (d < 32) return -1;
15311
- crypto_stream_xor(c,0,m,0,d,n,k);
15312
- crypto_onetimeauth(c, 16, c, 32, d - 32, c);
15313
- for (i = 0; i < 16; i++) c[i] = 0;
15314
- return 0;
15315
- }
15316
-
15317
- function crypto_secretbox_open(m,c,d,n,k) {
15318
- var i;
15319
- var x = new Uint8Array(32);
15320
- if (d < 32) return -1;
15321
- crypto_stream(x,0,32,n,k);
15322
- if (crypto_onetimeauth_verify(c, 16,c, 32,d - 32,x) !== 0) return -1;
15323
- crypto_stream_xor(m,0,c,0,d,n,k);
15324
- for (i = 0; i < 32; i++) m[i] = 0;
15325
- return 0;
15326
- }
15327
-
15328
- function set25519(r, a) {
15329
- var i;
15330
- for (i = 0; i < 16; i++) r[i] = a[i]|0;
15331
- }
15332
-
15333
- function car25519(o) {
15334
- var i, v, c = 1;
15335
- for (i = 0; i < 16; i++) {
15336
- v = o[i] + c + 65535;
15337
- c = Math.floor(v / 65536);
15338
- o[i] = v - c * 65536;
15339
- }
15340
- o[0] += c-1 + 37 * (c-1);
15341
- }
15342
-
15343
- function sel25519(p, q, b) {
15344
- var t, c = ~(b-1);
15345
- for (var i = 0; i < 16; i++) {
15346
- t = c & (p[i] ^ q[i]);
15347
- p[i] ^= t;
15348
- q[i] ^= t;
15349
- }
15350
- }
15351
-
15352
- function pack25519(o, n) {
15353
- var i, j, b;
15354
- var m = gf(), t = gf();
15355
- for (i = 0; i < 16; i++) t[i] = n[i];
15356
- car25519(t);
15357
- car25519(t);
15358
- car25519(t);
15359
- for (j = 0; j < 2; j++) {
15360
- m[0] = t[0] - 0xffed;
15361
- for (i = 1; i < 15; i++) {
15362
- m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1);
15363
- m[i-1] &= 0xffff;
15364
- }
15365
- m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1);
15366
- b = (m[15]>>16) & 1;
15367
- m[14] &= 0xffff;
15368
- sel25519(t, m, 1-b);
15369
- }
15370
- for (i = 0; i < 16; i++) {
15371
- o[2*i] = t[i] & 0xff;
15372
- o[2*i+1] = t[i]>>8;
15373
- }
15374
- }
15375
-
15376
- function neq25519(a, b) {
15377
- var c = new Uint8Array(32), d = new Uint8Array(32);
15378
- pack25519(c, a);
15379
- pack25519(d, b);
15380
- return crypto_verify_32(c, 0, d, 0);
15381
- }
15382
-
15383
- function par25519(a) {
15384
- var d = new Uint8Array(32);
15385
- pack25519(d, a);
15386
- return d[0] & 1;
15387
- }
15388
-
15389
- function unpack25519(o, n) {
15390
- var i;
15391
- for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8);
15392
- o[15] &= 0x7fff;
15393
- }
15394
-
15395
- function A(o, a, b) {
15396
- for (var i = 0; i < 16; i++) o[i] = a[i] + b[i];
15397
- }
15398
-
15399
- function Z(o, a, b) {
15400
- for (var i = 0; i < 16; i++) o[i] = a[i] - b[i];
15401
- }
15402
-
15403
- function M(o, a, b) {
15404
- var v, c,
15405
- t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0,
15406
- t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0,
15407
- t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0,
15408
- t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0,
15409
- b0 = b[0],
15410
- b1 = b[1],
15411
- b2 = b[2],
15412
- b3 = b[3],
15413
- b4 = b[4],
15414
- b5 = b[5],
15415
- b6 = b[6],
15416
- b7 = b[7],
15417
- b8 = b[8],
15418
- b9 = b[9],
15419
- b10 = b[10],
15420
- b11 = b[11],
15421
- b12 = b[12],
15422
- b13 = b[13],
15423
- b14 = b[14],
15424
- b15 = b[15];
15425
-
15426
- v = a[0];
15427
- t0 += v * b0;
15428
- t1 += v * b1;
15429
- t2 += v * b2;
15430
- t3 += v * b3;
15431
- t4 += v * b4;
15432
- t5 += v * b5;
15433
- t6 += v * b6;
15434
- t7 += v * b7;
15435
- t8 += v * b8;
15436
- t9 += v * b9;
15437
- t10 += v * b10;
15438
- t11 += v * b11;
15439
- t12 += v * b12;
15440
- t13 += v * b13;
15441
- t14 += v * b14;
15442
- t15 += v * b15;
15443
- v = a[1];
15444
- t1 += v * b0;
15445
- t2 += v * b1;
15446
- t3 += v * b2;
15447
- t4 += v * b3;
15448
- t5 += v * b4;
15449
- t6 += v * b5;
15450
- t7 += v * b6;
15451
- t8 += v * b7;
15452
- t9 += v * b8;
15453
- t10 += v * b9;
15454
- t11 += v * b10;
15455
- t12 += v * b11;
15456
- t13 += v * b12;
15457
- t14 += v * b13;
15458
- t15 += v * b14;
15459
- t16 += v * b15;
15460
- v = a[2];
15461
- t2 += v * b0;
15462
- t3 += v * b1;
15463
- t4 += v * b2;
15464
- t5 += v * b3;
15465
- t6 += v * b4;
15466
- t7 += v * b5;
15467
- t8 += v * b6;
15468
- t9 += v * b7;
15469
- t10 += v * b8;
15470
- t11 += v * b9;
15471
- t12 += v * b10;
15472
- t13 += v * b11;
15473
- t14 += v * b12;
15474
- t15 += v * b13;
15475
- t16 += v * b14;
15476
- t17 += v * b15;
15477
- v = a[3];
15478
- t3 += v * b0;
15479
- t4 += v * b1;
15480
- t5 += v * b2;
15481
- t6 += v * b3;
15482
- t7 += v * b4;
15483
- t8 += v * b5;
15484
- t9 += v * b6;
15485
- t10 += v * b7;
15486
- t11 += v * b8;
15487
- t12 += v * b9;
15488
- t13 += v * b10;
15489
- t14 += v * b11;
15490
- t15 += v * b12;
15491
- t16 += v * b13;
15492
- t17 += v * b14;
15493
- t18 += v * b15;
15494
- v = a[4];
15495
- t4 += v * b0;
15496
- t5 += v * b1;
15497
- t6 += v * b2;
15498
- t7 += v * b3;
15499
- t8 += v * b4;
15500
- t9 += v * b5;
15501
- t10 += v * b6;
15502
- t11 += v * b7;
15503
- t12 += v * b8;
15504
- t13 += v * b9;
15505
- t14 += v * b10;
15506
- t15 += v * b11;
15507
- t16 += v * b12;
15508
- t17 += v * b13;
15509
- t18 += v * b14;
15510
- t19 += v * b15;
15511
- v = a[5];
15512
- t5 += v * b0;
15513
- t6 += v * b1;
15514
- t7 += v * b2;
15515
- t8 += v * b3;
15516
- t9 += v * b4;
15517
- t10 += v * b5;
15518
- t11 += v * b6;
15519
- t12 += v * b7;
15520
- t13 += v * b8;
15521
- t14 += v * b9;
15522
- t15 += v * b10;
15523
- t16 += v * b11;
15524
- t17 += v * b12;
15525
- t18 += v * b13;
15526
- t19 += v * b14;
15527
- t20 += v * b15;
15528
- v = a[6];
15529
- t6 += v * b0;
15530
- t7 += v * b1;
15531
- t8 += v * b2;
15532
- t9 += v * b3;
15533
- t10 += v * b4;
15534
- t11 += v * b5;
15535
- t12 += v * b6;
15536
- t13 += v * b7;
15537
- t14 += v * b8;
15538
- t15 += v * b9;
15539
- t16 += v * b10;
15540
- t17 += v * b11;
15541
- t18 += v * b12;
15542
- t19 += v * b13;
15543
- t20 += v * b14;
15544
- t21 += v * b15;
15545
- v = a[7];
15546
- t7 += v * b0;
15547
- t8 += v * b1;
15548
- t9 += v * b2;
15549
- t10 += v * b3;
15550
- t11 += v * b4;
15551
- t12 += v * b5;
15552
- t13 += v * b6;
15553
- t14 += v * b7;
15554
- t15 += v * b8;
15555
- t16 += v * b9;
15556
- t17 += v * b10;
15557
- t18 += v * b11;
15558
- t19 += v * b12;
15559
- t20 += v * b13;
15560
- t21 += v * b14;
15561
- t22 += v * b15;
15562
- v = a[8];
15563
- t8 += v * b0;
15564
- t9 += v * b1;
15565
- t10 += v * b2;
15566
- t11 += v * b3;
15567
- t12 += v * b4;
15568
- t13 += v * b5;
15569
- t14 += v * b6;
15570
- t15 += v * b7;
15571
- t16 += v * b8;
15572
- t17 += v * b9;
15573
- t18 += v * b10;
15574
- t19 += v * b11;
15575
- t20 += v * b12;
15576
- t21 += v * b13;
15577
- t22 += v * b14;
15578
- t23 += v * b15;
15579
- v = a[9];
15580
- t9 += v * b0;
15581
- t10 += v * b1;
15582
- t11 += v * b2;
15583
- t12 += v * b3;
15584
- t13 += v * b4;
15585
- t14 += v * b5;
15586
- t15 += v * b6;
15587
- t16 += v * b7;
15588
- t17 += v * b8;
15589
- t18 += v * b9;
15590
- t19 += v * b10;
15591
- t20 += v * b11;
15592
- t21 += v * b12;
15593
- t22 += v * b13;
15594
- t23 += v * b14;
15595
- t24 += v * b15;
15596
- v = a[10];
15597
- t10 += v * b0;
15598
- t11 += v * b1;
15599
- t12 += v * b2;
15600
- t13 += v * b3;
15601
- t14 += v * b4;
15602
- t15 += v * b5;
15603
- t16 += v * b6;
15604
- t17 += v * b7;
15605
- t18 += v * b8;
15606
- t19 += v * b9;
15607
- t20 += v * b10;
15608
- t21 += v * b11;
15609
- t22 += v * b12;
15610
- t23 += v * b13;
15611
- t24 += v * b14;
15612
- t25 += v * b15;
15613
- v = a[11];
15614
- t11 += v * b0;
15615
- t12 += v * b1;
15616
- t13 += v * b2;
15617
- t14 += v * b3;
15618
- t15 += v * b4;
15619
- t16 += v * b5;
15620
- t17 += v * b6;
15621
- t18 += v * b7;
15622
- t19 += v * b8;
15623
- t20 += v * b9;
15624
- t21 += v * b10;
15625
- t22 += v * b11;
15626
- t23 += v * b12;
15627
- t24 += v * b13;
15628
- t25 += v * b14;
15629
- t26 += v * b15;
15630
- v = a[12];
15631
- t12 += v * b0;
15632
- t13 += v * b1;
15633
- t14 += v * b2;
15634
- t15 += v * b3;
15635
- t16 += v * b4;
15636
- t17 += v * b5;
15637
- t18 += v * b6;
15638
- t19 += v * b7;
15639
- t20 += v * b8;
15640
- t21 += v * b9;
15641
- t22 += v * b10;
15642
- t23 += v * b11;
15643
- t24 += v * b12;
15644
- t25 += v * b13;
15645
- t26 += v * b14;
15646
- t27 += v * b15;
15647
- v = a[13];
15648
- t13 += v * b0;
15649
- t14 += v * b1;
15650
- t15 += v * b2;
15651
- t16 += v * b3;
15652
- t17 += v * b4;
15653
- t18 += v * b5;
15654
- t19 += v * b6;
15655
- t20 += v * b7;
15656
- t21 += v * b8;
15657
- t22 += v * b9;
15658
- t23 += v * b10;
15659
- t24 += v * b11;
15660
- t25 += v * b12;
15661
- t26 += v * b13;
15662
- t27 += v * b14;
15663
- t28 += v * b15;
15664
- v = a[14];
15665
- t14 += v * b0;
15666
- t15 += v * b1;
15667
- t16 += v * b2;
15668
- t17 += v * b3;
15669
- t18 += v * b4;
15670
- t19 += v * b5;
15671
- t20 += v * b6;
15672
- t21 += v * b7;
15673
- t22 += v * b8;
15674
- t23 += v * b9;
15675
- t24 += v * b10;
15676
- t25 += v * b11;
15677
- t26 += v * b12;
15678
- t27 += v * b13;
15679
- t28 += v * b14;
15680
- t29 += v * b15;
15681
- v = a[15];
15682
- t15 += v * b0;
15683
- t16 += v * b1;
15684
- t17 += v * b2;
15685
- t18 += v * b3;
15686
- t19 += v * b4;
15687
- t20 += v * b5;
15688
- t21 += v * b6;
15689
- t22 += v * b7;
15690
- t23 += v * b8;
15691
- t24 += v * b9;
15692
- t25 += v * b10;
15693
- t26 += v * b11;
15694
- t27 += v * b12;
15695
- t28 += v * b13;
15696
- t29 += v * b14;
15697
- t30 += v * b15;
15698
-
15699
- t0 += 38 * t16;
15700
- t1 += 38 * t17;
15701
- t2 += 38 * t18;
15702
- t3 += 38 * t19;
15703
- t4 += 38 * t20;
15704
- t5 += 38 * t21;
15705
- t6 += 38 * t22;
15706
- t7 += 38 * t23;
15707
- t8 += 38 * t24;
15708
- t9 += 38 * t25;
15709
- t10 += 38 * t26;
15710
- t11 += 38 * t27;
15711
- t12 += 38 * t28;
15712
- t13 += 38 * t29;
15713
- t14 += 38 * t30;
15714
- // t15 left as is
15715
-
15716
- // first car
15717
- c = 1;
15718
- v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;
15719
- v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;
15720
- v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;
15721
- v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;
15722
- v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;
15723
- v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;
15724
- v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;
15725
- v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;
15726
- v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;
15727
- v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;
15728
- v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;
15729
- v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;
15730
- v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;
15731
- v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;
15732
- v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;
15733
- v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;
15734
- t0 += c-1 + 37 * (c-1);
15735
-
15736
- // second car
15737
- c = 1;
15738
- v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;
15739
- v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;
15740
- v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;
15741
- v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;
15742
- v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;
15743
- v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;
15744
- v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;
15745
- v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;
15746
- v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;
15747
- v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;
15748
- v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;
15749
- v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;
15750
- v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;
15751
- v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;
15752
- v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;
15753
- v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;
15754
- t0 += c-1 + 37 * (c-1);
15755
-
15756
- o[ 0] = t0;
15757
- o[ 1] = t1;
15758
- o[ 2] = t2;
15759
- o[ 3] = t3;
15760
- o[ 4] = t4;
15761
- o[ 5] = t5;
15762
- o[ 6] = t6;
15763
- o[ 7] = t7;
15764
- o[ 8] = t8;
15765
- o[ 9] = t9;
15766
- o[10] = t10;
15767
- o[11] = t11;
15768
- o[12] = t12;
15769
- o[13] = t13;
15770
- o[14] = t14;
15771
- o[15] = t15;
15772
- }
15773
-
15774
- function S(o, a) {
15775
- M(o, a, a);
15776
- }
15777
-
15778
- function inv25519(o, i) {
15779
- var c = gf();
15780
- var a;
15781
- for (a = 0; a < 16; a++) c[a] = i[a];
15782
- for (a = 253; a >= 0; a--) {
15783
- S(c, c);
15784
- if(a !== 2 && a !== 4) M(c, c, i);
15785
- }
15786
- for (a = 0; a < 16; a++) o[a] = c[a];
15787
- }
15788
-
15789
- function pow2523(o, i) {
15790
- var c = gf();
15791
- var a;
15792
- for (a = 0; a < 16; a++) c[a] = i[a];
15793
- for (a = 250; a >= 0; a--) {
15794
- S(c, c);
15795
- if(a !== 1) M(c, c, i);
15796
- }
15797
- for (a = 0; a < 16; a++) o[a] = c[a];
15798
- }
15799
-
15800
- function crypto_scalarmult(q, n, p) {
15801
- var z = new Uint8Array(32);
15802
- var x = new Float64Array(80), r, i;
15803
- var a = gf(), b = gf(), c = gf(),
15804
- d = gf(), e = gf(), f = gf();
15805
- for (i = 0; i < 31; i++) z[i] = n[i];
15806
- z[31]=(n[31]&127)|64;
15807
- z[0]&=248;
15808
- unpack25519(x,p);
15809
- for (i = 0; i < 16; i++) {
15810
- b[i]=x[i];
15811
- d[i]=a[i]=c[i]=0;
15812
- }
15813
- a[0]=d[0]=1;
15814
- for (i=254; i>=0; --i) {
15815
- r=(z[i>>>3]>>>(i&7))&1;
15816
- sel25519(a,b,r);
15817
- sel25519(c,d,r);
15818
- A(e,a,c);
15819
- Z(a,a,c);
15820
- A(c,b,d);
15821
- Z(b,b,d);
15822
- S(d,e);
15823
- S(f,a);
15824
- M(a,c,a);
15825
- M(c,b,e);
15826
- A(e,a,c);
15827
- Z(a,a,c);
15828
- S(b,a);
15829
- Z(c,d,f);
15830
- M(a,c,_121665);
15831
- A(a,a,d);
15832
- M(c,c,a);
15833
- M(a,d,f);
15834
- M(d,b,x);
15835
- S(b,e);
15836
- sel25519(a,b,r);
15837
- sel25519(c,d,r);
15838
- }
15839
- for (i = 0; i < 16; i++) {
15840
- x[i+16]=a[i];
15841
- x[i+32]=c[i];
15842
- x[i+48]=b[i];
15843
- x[i+64]=d[i];
15844
- }
15845
- var x32 = x.subarray(32);
15846
- var x16 = x.subarray(16);
15847
- inv25519(x32,x32);
15848
- M(x16,x16,x32);
15849
- pack25519(q,x16);
15850
- return 0;
15851
- }
15852
-
15853
- function crypto_scalarmult_base(q, n) {
15854
- return crypto_scalarmult(q, n, _9);
15855
- }
15856
-
15857
- function crypto_box_keypair(y, x) {
15858
- randombytes(x, 32);
15859
- return crypto_scalarmult_base(y, x);
15860
- }
15861
-
15862
- function crypto_box_beforenm(k, y, x) {
15863
- var s = new Uint8Array(32);
15864
- crypto_scalarmult(s, x, y);
15865
- return crypto_core_hsalsa20(k, _0, s, sigma);
15866
- }
15867
-
15868
- var crypto_box_afternm = crypto_secretbox;
15869
- var crypto_box_open_afternm = crypto_secretbox_open;
15870
-
15871
- function crypto_box(c, m, d, n, y, x) {
15872
- var k = new Uint8Array(32);
15873
- crypto_box_beforenm(k, y, x);
15874
- return crypto_box_afternm(c, m, d, n, k);
15875
- }
15876
-
15877
- function crypto_box_open(m, c, d, n, y, x) {
15878
- var k = new Uint8Array(32);
15879
- crypto_box_beforenm(k, y, x);
15880
- return crypto_box_open_afternm(m, c, d, n, k);
15881
- }
15882
-
15883
- var K = [
15884
- 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd,
15885
- 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc,
15886
- 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019,
15887
- 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118,
15888
- 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe,
15889
- 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2,
15890
- 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1,
15891
- 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694,
15892
- 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3,
15893
- 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65,
15894
- 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483,
15895
- 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5,
15896
- 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210,
15897
- 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4,
15898
- 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725,
15899
- 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70,
15900
- 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926,
15901
- 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df,
15902
- 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8,
15903
- 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b,
15904
- 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001,
15905
- 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30,
15906
- 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910,
15907
- 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8,
15908
- 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53,
15909
- 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8,
15910
- 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb,
15911
- 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3,
15912
- 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60,
15913
- 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec,
15914
- 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9,
15915
- 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b,
15916
- 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207,
15917
- 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178,
15918
- 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6,
15919
- 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b,
15920
- 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493,
15921
- 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c,
15922
- 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a,
15923
- 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817
15924
- ];
15925
-
15926
- function crypto_hashblocks_hl(hh, hl, m, n) {
15927
- var wh = new Int32Array(16), wl = new Int32Array(16),
15928
- bh0, bh1, bh2, bh3, bh4, bh5, bh6, bh7,
15929
- bl0, bl1, bl2, bl3, bl4, bl5, bl6, bl7,
15930
- th, tl, i, j, h, l, a, b, c, d;
15931
-
15932
- var ah0 = hh[0],
15933
- ah1 = hh[1],
15934
- ah2 = hh[2],
15935
- ah3 = hh[3],
15936
- ah4 = hh[4],
15937
- ah5 = hh[5],
15938
- ah6 = hh[6],
15939
- ah7 = hh[7],
15940
-
15941
- al0 = hl[0],
15942
- al1 = hl[1],
15943
- al2 = hl[2],
15944
- al3 = hl[3],
15945
- al4 = hl[4],
15946
- al5 = hl[5],
15947
- al6 = hl[6],
15948
- al7 = hl[7];
15949
-
15950
- var pos = 0;
15951
- while (n >= 128) {
15952
- for (i = 0; i < 16; i++) {
15953
- j = 8 * i + pos;
15954
- wh[i] = (m[j+0] << 24) | (m[j+1] << 16) | (m[j+2] << 8) | m[j+3];
15955
- wl[i] = (m[j+4] << 24) | (m[j+5] << 16) | (m[j+6] << 8) | m[j+7];
15956
- }
15957
- for (i = 0; i < 80; i++) {
15958
- bh0 = ah0;
15959
- bh1 = ah1;
15960
- bh2 = ah2;
15961
- bh3 = ah3;
15962
- bh4 = ah4;
15963
- bh5 = ah5;
15964
- bh6 = ah6;
15965
- bh7 = ah7;
15966
-
15967
- bl0 = al0;
15968
- bl1 = al1;
15969
- bl2 = al2;
15970
- bl3 = al3;
15971
- bl4 = al4;
15972
- bl5 = al5;
15973
- bl6 = al6;
15974
- bl7 = al7;
15975
-
15976
- // add
15977
- h = ah7;
15978
- l = al7;
15979
-
15980
- a = l & 0xffff; b = l >>> 16;
15981
- c = h & 0xffff; d = h >>> 16;
15982
-
15983
- // Sigma1
15984
- h = ((ah4 >>> 14) | (al4 << (32-14))) ^ ((ah4 >>> 18) | (al4 << (32-18))) ^ ((al4 >>> (41-32)) | (ah4 << (32-(41-32))));
15985
- l = ((al4 >>> 14) | (ah4 << (32-14))) ^ ((al4 >>> 18) | (ah4 << (32-18))) ^ ((ah4 >>> (41-32)) | (al4 << (32-(41-32))));
15986
-
15987
- a += l & 0xffff; b += l >>> 16;
15988
- c += h & 0xffff; d += h >>> 16;
15989
-
15990
- // Ch
15991
- h = (ah4 & ah5) ^ (~ah4 & ah6);
15992
- l = (al4 & al5) ^ (~al4 & al6);
15993
-
15994
- a += l & 0xffff; b += l >>> 16;
15995
- c += h & 0xffff; d += h >>> 16;
15996
-
15997
- // K
15998
- h = K[i*2];
15999
- l = K[i*2+1];
16000
-
16001
- a += l & 0xffff; b += l >>> 16;
16002
- c += h & 0xffff; d += h >>> 16;
16003
-
16004
- // w
16005
- h = wh[i%16];
16006
- l = wl[i%16];
16007
-
16008
- a += l & 0xffff; b += l >>> 16;
16009
- c += h & 0xffff; d += h >>> 16;
16010
-
16011
- b += a >>> 16;
16012
- c += b >>> 16;
16013
- d += c >>> 16;
16014
-
16015
- th = c & 0xffff | d << 16;
16016
- tl = a & 0xffff | b << 16;
16017
-
16018
- // add
16019
- h = th;
16020
- l = tl;
16021
-
16022
- a = l & 0xffff; b = l >>> 16;
16023
- c = h & 0xffff; d = h >>> 16;
16024
-
16025
- // Sigma0
16026
- h = ((ah0 >>> 28) | (al0 << (32-28))) ^ ((al0 >>> (34-32)) | (ah0 << (32-(34-32)))) ^ ((al0 >>> (39-32)) | (ah0 << (32-(39-32))));
16027
- l = ((al0 >>> 28) | (ah0 << (32-28))) ^ ((ah0 >>> (34-32)) | (al0 << (32-(34-32)))) ^ ((ah0 >>> (39-32)) | (al0 << (32-(39-32))));
16028
-
16029
- a += l & 0xffff; b += l >>> 16;
16030
- c += h & 0xffff; d += h >>> 16;
16031
-
16032
- // Maj
16033
- h = (ah0 & ah1) ^ (ah0 & ah2) ^ (ah1 & ah2);
16034
- l = (al0 & al1) ^ (al0 & al2) ^ (al1 & al2);
16035
-
16036
- a += l & 0xffff; b += l >>> 16;
16037
- c += h & 0xffff; d += h >>> 16;
16038
-
16039
- b += a >>> 16;
16040
- c += b >>> 16;
16041
- d += c >>> 16;
16042
-
16043
- bh7 = (c & 0xffff) | (d << 16);
16044
- bl7 = (a & 0xffff) | (b << 16);
16045
-
16046
- // add
16047
- h = bh3;
16048
- l = bl3;
16049
-
16050
- a = l & 0xffff; b = l >>> 16;
16051
- c = h & 0xffff; d = h >>> 16;
16052
-
16053
- h = th;
16054
- l = tl;
16055
-
16056
- a += l & 0xffff; b += l >>> 16;
16057
- c += h & 0xffff; d += h >>> 16;
16058
-
16059
- b += a >>> 16;
16060
- c += b >>> 16;
16061
- d += c >>> 16;
16062
-
16063
- bh3 = (c & 0xffff) | (d << 16);
16064
- bl3 = (a & 0xffff) | (b << 16);
16065
-
16066
- ah1 = bh0;
16067
- ah2 = bh1;
16068
- ah3 = bh2;
16069
- ah4 = bh3;
16070
- ah5 = bh4;
16071
- ah6 = bh5;
16072
- ah7 = bh6;
16073
- ah0 = bh7;
16074
-
16075
- al1 = bl0;
16076
- al2 = bl1;
16077
- al3 = bl2;
16078
- al4 = bl3;
16079
- al5 = bl4;
16080
- al6 = bl5;
16081
- al7 = bl6;
16082
- al0 = bl7;
16083
-
16084
- if (i%16 === 15) {
16085
- for (j = 0; j < 16; j++) {
16086
- // add
16087
- h = wh[j];
16088
- l = wl[j];
16089
-
16090
- a = l & 0xffff; b = l >>> 16;
16091
- c = h & 0xffff; d = h >>> 16;
16092
-
16093
- h = wh[(j+9)%16];
16094
- l = wl[(j+9)%16];
16095
-
16096
- a += l & 0xffff; b += l >>> 16;
16097
- c += h & 0xffff; d += h >>> 16;
16098
-
16099
- // sigma0
16100
- th = wh[(j+1)%16];
16101
- tl = wl[(j+1)%16];
16102
- h = ((th >>> 1) | (tl << (32-1))) ^ ((th >>> 8) | (tl << (32-8))) ^ (th >>> 7);
16103
- l = ((tl >>> 1) | (th << (32-1))) ^ ((tl >>> 8) | (th << (32-8))) ^ ((tl >>> 7) | (th << (32-7)));
16104
-
16105
- a += l & 0xffff; b += l >>> 16;
16106
- c += h & 0xffff; d += h >>> 16;
16107
-
16108
- // sigma1
16109
- th = wh[(j+14)%16];
16110
- tl = wl[(j+14)%16];
16111
- h = ((th >>> 19) | (tl << (32-19))) ^ ((tl >>> (61-32)) | (th << (32-(61-32)))) ^ (th >>> 6);
16112
- l = ((tl >>> 19) | (th << (32-19))) ^ ((th >>> (61-32)) | (tl << (32-(61-32)))) ^ ((tl >>> 6) | (th << (32-6)));
16113
-
16114
- a += l & 0xffff; b += l >>> 16;
16115
- c += h & 0xffff; d += h >>> 16;
16116
-
16117
- b += a >>> 16;
16118
- c += b >>> 16;
16119
- d += c >>> 16;
16120
-
16121
- wh[j] = (c & 0xffff) | (d << 16);
16122
- wl[j] = (a & 0xffff) | (b << 16);
16123
- }
16124
- }
16125
- }
16126
-
16127
- // add
16128
- h = ah0;
16129
- l = al0;
16130
-
16131
- a = l & 0xffff; b = l >>> 16;
16132
- c = h & 0xffff; d = h >>> 16;
16133
-
16134
- h = hh[0];
16135
- l = hl[0];
16136
-
16137
- a += l & 0xffff; b += l >>> 16;
16138
- c += h & 0xffff; d += h >>> 16;
16139
-
16140
- b += a >>> 16;
16141
- c += b >>> 16;
16142
- d += c >>> 16;
16143
-
16144
- hh[0] = ah0 = (c & 0xffff) | (d << 16);
16145
- hl[0] = al0 = (a & 0xffff) | (b << 16);
16146
-
16147
- h = ah1;
16148
- l = al1;
16149
-
16150
- a = l & 0xffff; b = l >>> 16;
16151
- c = h & 0xffff; d = h >>> 16;
16152
-
16153
- h = hh[1];
16154
- l = hl[1];
16155
-
16156
- a += l & 0xffff; b += l >>> 16;
16157
- c += h & 0xffff; d += h >>> 16;
16158
-
16159
- b += a >>> 16;
16160
- c += b >>> 16;
16161
- d += c >>> 16;
16162
-
16163
- hh[1] = ah1 = (c & 0xffff) | (d << 16);
16164
- hl[1] = al1 = (a & 0xffff) | (b << 16);
16165
-
16166
- h = ah2;
16167
- l = al2;
16168
-
16169
- a = l & 0xffff; b = l >>> 16;
16170
- c = h & 0xffff; d = h >>> 16;
16171
-
16172
- h = hh[2];
16173
- l = hl[2];
16174
-
16175
- a += l & 0xffff; b += l >>> 16;
16176
- c += h & 0xffff; d += h >>> 16;
16177
-
16178
- b += a >>> 16;
16179
- c += b >>> 16;
16180
- d += c >>> 16;
16181
-
16182
- hh[2] = ah2 = (c & 0xffff) | (d << 16);
16183
- hl[2] = al2 = (a & 0xffff) | (b << 16);
16184
-
16185
- h = ah3;
16186
- l = al3;
16187
-
16188
- a = l & 0xffff; b = l >>> 16;
16189
- c = h & 0xffff; d = h >>> 16;
16190
-
16191
- h = hh[3];
16192
- l = hl[3];
16193
-
16194
- a += l & 0xffff; b += l >>> 16;
16195
- c += h & 0xffff; d += h >>> 16;
16196
-
16197
- b += a >>> 16;
16198
- c += b >>> 16;
16199
- d += c >>> 16;
16200
-
16201
- hh[3] = ah3 = (c & 0xffff) | (d << 16);
16202
- hl[3] = al3 = (a & 0xffff) | (b << 16);
16203
-
16204
- h = ah4;
16205
- l = al4;
16206
-
16207
- a = l & 0xffff; b = l >>> 16;
16208
- c = h & 0xffff; d = h >>> 16;
16209
-
16210
- h = hh[4];
16211
- l = hl[4];
16212
-
16213
- a += l & 0xffff; b += l >>> 16;
16214
- c += h & 0xffff; d += h >>> 16;
16215
-
16216
- b += a >>> 16;
16217
- c += b >>> 16;
16218
- d += c >>> 16;
16219
-
16220
- hh[4] = ah4 = (c & 0xffff) | (d << 16);
16221
- hl[4] = al4 = (a & 0xffff) | (b << 16);
16222
-
16223
- h = ah5;
16224
- l = al5;
16225
-
16226
- a = l & 0xffff; b = l >>> 16;
16227
- c = h & 0xffff; d = h >>> 16;
16228
-
16229
- h = hh[5];
16230
- l = hl[5];
16231
-
16232
- a += l & 0xffff; b += l >>> 16;
16233
- c += h & 0xffff; d += h >>> 16;
16234
-
16235
- b += a >>> 16;
16236
- c += b >>> 16;
16237
- d += c >>> 16;
16238
-
16239
- hh[5] = ah5 = (c & 0xffff) | (d << 16);
16240
- hl[5] = al5 = (a & 0xffff) | (b << 16);
16241
-
16242
- h = ah6;
16243
- l = al6;
16244
-
16245
- a = l & 0xffff; b = l >>> 16;
16246
- c = h & 0xffff; d = h >>> 16;
16247
-
16248
- h = hh[6];
16249
- l = hl[6];
16250
-
16251
- a += l & 0xffff; b += l >>> 16;
16252
- c += h & 0xffff; d += h >>> 16;
16253
-
16254
- b += a >>> 16;
16255
- c += b >>> 16;
16256
- d += c >>> 16;
16257
-
16258
- hh[6] = ah6 = (c & 0xffff) | (d << 16);
16259
- hl[6] = al6 = (a & 0xffff) | (b << 16);
16260
-
16261
- h = ah7;
16262
- l = al7;
16263
-
16264
- a = l & 0xffff; b = l >>> 16;
16265
- c = h & 0xffff; d = h >>> 16;
16266
-
16267
- h = hh[7];
16268
- l = hl[7];
16269
-
16270
- a += l & 0xffff; b += l >>> 16;
16271
- c += h & 0xffff; d += h >>> 16;
16272
-
16273
- b += a >>> 16;
16274
- c += b >>> 16;
16275
- d += c >>> 16;
16276
-
16277
- hh[7] = ah7 = (c & 0xffff) | (d << 16);
16278
- hl[7] = al7 = (a & 0xffff) | (b << 16);
16279
-
16280
- pos += 128;
16281
- n -= 128;
16282
- }
16283
-
16284
- return n;
16285
- }
16286
-
16287
- function crypto_hash(out, m, n) {
16288
- var hh = new Int32Array(8),
16289
- hl = new Int32Array(8),
16290
- x = new Uint8Array(256),
16291
- i, b = n;
16292
-
16293
- hh[0] = 0x6a09e667;
16294
- hh[1] = 0xbb67ae85;
16295
- hh[2] = 0x3c6ef372;
16296
- hh[3] = 0xa54ff53a;
16297
- hh[4] = 0x510e527f;
16298
- hh[5] = 0x9b05688c;
16299
- hh[6] = 0x1f83d9ab;
16300
- hh[7] = 0x5be0cd19;
16301
-
16302
- hl[0] = 0xf3bcc908;
16303
- hl[1] = 0x84caa73b;
16304
- hl[2] = 0xfe94f82b;
16305
- hl[3] = 0x5f1d36f1;
16306
- hl[4] = 0xade682d1;
16307
- hl[5] = 0x2b3e6c1f;
16308
- hl[6] = 0xfb41bd6b;
16309
- hl[7] = 0x137e2179;
16310
-
16311
- crypto_hashblocks_hl(hh, hl, m, n);
16312
- n %= 128;
16313
-
16314
- for (i = 0; i < n; i++) x[i] = m[b-n+i];
16315
- x[n] = 128;
16316
-
16317
- n = 256-128*(n<112?1:0);
16318
- x[n-9] = 0;
16319
- ts64(x, n-8, (b / 0x20000000) | 0, b << 3);
16320
- crypto_hashblocks_hl(hh, hl, x, n);
16321
-
16322
- for (i = 0; i < 8; i++) ts64(out, 8*i, hh[i], hl[i]);
16323
-
16324
- return 0;
16325
- }
16326
-
16327
- function add(p, q) {
16328
- var a = gf(), b = gf(), c = gf(),
16329
- d = gf(), e = gf(), f = gf(),
16330
- g = gf(), h = gf(), t = gf();
16331
-
16332
- Z(a, p[1], p[0]);
16333
- Z(t, q[1], q[0]);
16334
- M(a, a, t);
16335
- A(b, p[0], p[1]);
16336
- A(t, q[0], q[1]);
16337
- M(b, b, t);
16338
- M(c, p[3], q[3]);
16339
- M(c, c, D2);
16340
- M(d, p[2], q[2]);
16341
- A(d, d, d);
16342
- Z(e, b, a);
16343
- Z(f, d, c);
16344
- A(g, d, c);
16345
- A(h, b, a);
16346
-
16347
- M(p[0], e, f);
16348
- M(p[1], h, g);
16349
- M(p[2], g, f);
16350
- M(p[3], e, h);
16351
- }
16352
-
16353
- function cswap(p, q, b) {
16354
- var i;
16355
- for (i = 0; i < 4; i++) {
16356
- sel25519(p[i], q[i], b);
16357
- }
16358
- }
16359
-
16360
- function pack(r, p) {
16361
- var tx = gf(), ty = gf(), zi = gf();
16362
- inv25519(zi, p[2]);
16363
- M(tx, p[0], zi);
16364
- M(ty, p[1], zi);
16365
- pack25519(r, ty);
16366
- r[31] ^= par25519(tx) << 7;
16367
- }
16368
-
16369
- function scalarmult(p, q, s) {
16370
- var b, i;
16371
- set25519(p[0], gf0);
16372
- set25519(p[1], gf1);
16373
- set25519(p[2], gf1);
16374
- set25519(p[3], gf0);
16375
- for (i = 255; i >= 0; --i) {
16376
- b = (s[(i/8)|0] >> (i&7)) & 1;
16377
- cswap(p, q, b);
16378
- add(q, p);
16379
- add(p, p);
16380
- cswap(p, q, b);
16381
- }
16382
- }
16383
-
16384
- function scalarbase(p, s) {
16385
- var q = [gf(), gf(), gf(), gf()];
16386
- set25519(q[0], X);
16387
- set25519(q[1], Y);
16388
- set25519(q[2], gf1);
16389
- M(q[3], X, Y);
16390
- scalarmult(p, q, s);
16391
- }
16392
-
16393
- function crypto_sign_keypair(pk, sk, seeded) {
16394
- var d = new Uint8Array(64);
16395
- var p = [gf(), gf(), gf(), gf()];
16396
- var i;
16397
-
16398
- if (!seeded) randombytes(sk, 32);
16399
- crypto_hash(d, sk, 32);
16400
- d[0] &= 248;
16401
- d[31] &= 127;
16402
- d[31] |= 64;
16403
-
16404
- scalarbase(p, d);
16405
- pack(pk, p);
16406
-
16407
- for (i = 0; i < 32; i++) sk[i+32] = pk[i];
16408
- return 0;
16409
- }
16410
-
16411
- var L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]);
16412
-
16413
- function modL(r, x) {
16414
- var carry, i, j, k;
16415
- for (i = 63; i >= 32; --i) {
16416
- carry = 0;
16417
- for (j = i - 32, k = i - 12; j < k; ++j) {
16418
- x[j] += carry - 16 * x[i] * L[j - (i - 32)];
16419
- carry = Math.floor((x[j] + 128) / 256);
16420
- x[j] -= carry * 256;
16421
- }
16422
- x[j] += carry;
16423
- x[i] = 0;
16424
- }
16425
- carry = 0;
16426
- for (j = 0; j < 32; j++) {
16427
- x[j] += carry - (x[31] >> 4) * L[j];
16428
- carry = x[j] >> 8;
16429
- x[j] &= 255;
16430
- }
16431
- for (j = 0; j < 32; j++) x[j] -= carry * L[j];
16432
- for (i = 0; i < 32; i++) {
16433
- x[i+1] += x[i] >> 8;
16434
- r[i] = x[i] & 255;
16435
- }
16436
- }
16437
-
16438
- function reduce(r) {
16439
- var x = new Float64Array(64), i;
16440
- for (i = 0; i < 64; i++) x[i] = r[i];
16441
- for (i = 0; i < 64; i++) r[i] = 0;
16442
- modL(r, x);
16443
- }
16444
-
16445
- // Note: difference from C - smlen returned, not passed as argument.
16446
- function crypto_sign(sm, m, n, sk) {
16447
- var d = new Uint8Array(64), h = new Uint8Array(64), r = new Uint8Array(64);
16448
- var i, j, x = new Float64Array(64);
16449
- var p = [gf(), gf(), gf(), gf()];
16450
-
16451
- crypto_hash(d, sk, 32);
16452
- d[0] &= 248;
16453
- d[31] &= 127;
16454
- d[31] |= 64;
16455
-
16456
- var smlen = n + 64;
16457
- for (i = 0; i < n; i++) sm[64 + i] = m[i];
16458
- for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i];
16459
-
16460
- crypto_hash(r, sm.subarray(32), n+32);
16461
- reduce(r);
16462
- scalarbase(p, r);
16463
- pack(sm, p);
16464
-
16465
- for (i = 32; i < 64; i++) sm[i] = sk[i];
16466
- crypto_hash(h, sm, n + 64);
16467
- reduce(h);
16468
-
16469
- for (i = 0; i < 64; i++) x[i] = 0;
16470
- for (i = 0; i < 32; i++) x[i] = r[i];
16471
- for (i = 0; i < 32; i++) {
16472
- for (j = 0; j < 32; j++) {
16473
- x[i+j] += h[i] * d[j];
16474
- }
16475
- }
16476
-
16477
- modL(sm.subarray(32), x);
16478
- return smlen;
16479
- }
16480
-
16481
- function unpackneg(r, p) {
16482
- var t = gf(), chk = gf(), num = gf(),
16483
- den = gf(), den2 = gf(), den4 = gf(),
16484
- den6 = gf();
16485
-
16486
- set25519(r[2], gf1);
16487
- unpack25519(r[1], p);
16488
- S(num, r[1]);
16489
- M(den, num, D);
16490
- Z(num, num, r[2]);
16491
- A(den, r[2], den);
16492
-
16493
- S(den2, den);
16494
- S(den4, den2);
16495
- M(den6, den4, den2);
16496
- M(t, den6, num);
16497
- M(t, t, den);
16498
-
16499
- pow2523(t, t);
16500
- M(t, t, num);
16501
- M(t, t, den);
16502
- M(t, t, den);
16503
- M(r[0], t, den);
16504
-
16505
- S(chk, r[0]);
16506
- M(chk, chk, den);
16507
- if (neq25519(chk, num)) M(r[0], r[0], I);
16508
-
16509
- S(chk, r[0]);
16510
- M(chk, chk, den);
16511
- if (neq25519(chk, num)) return -1;
16512
-
16513
- if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]);
16514
-
16515
- M(r[3], r[0], r[1]);
16516
- return 0;
16517
- }
16518
-
16519
- function crypto_sign_open(m, sm, n, pk) {
16520
- var i;
16521
- var t = new Uint8Array(32), h = new Uint8Array(64);
16522
- var p = [gf(), gf(), gf(), gf()],
16523
- q = [gf(), gf(), gf(), gf()];
16524
-
16525
- if (n < 64) return -1;
16526
-
16527
- if (unpackneg(q, pk)) return -1;
16528
-
16529
- for (i = 0; i < n; i++) m[i] = sm[i];
16530
- for (i = 0; i < 32; i++) m[i+32] = pk[i];
16531
- crypto_hash(h, m, n);
16532
- reduce(h);
16533
- scalarmult(p, q, h);
16534
-
16535
- scalarbase(q, sm.subarray(32));
16536
- add(p, q);
16537
- pack(t, p);
16538
-
16539
- n -= 64;
16540
- if (crypto_verify_32(sm, 0, t, 0)) {
16541
- for (i = 0; i < n; i++) m[i] = 0;
16542
- return -1;
16543
- }
16544
-
16545
- for (i = 0; i < n; i++) m[i] = sm[i + 64];
16546
- return n;
16547
- }
16548
-
16549
- var crypto_secretbox_KEYBYTES = 32,
16550
- crypto_secretbox_NONCEBYTES = 24,
16551
- crypto_secretbox_ZEROBYTES = 32,
16552
- crypto_secretbox_BOXZEROBYTES = 16,
16553
- crypto_scalarmult_BYTES = 32,
16554
- crypto_scalarmult_SCALARBYTES = 32,
16555
- crypto_box_PUBLICKEYBYTES = 32,
16556
- crypto_box_SECRETKEYBYTES = 32,
16557
- crypto_box_BEFORENMBYTES = 32,
16558
- crypto_box_NONCEBYTES = crypto_secretbox_NONCEBYTES,
16559
- crypto_box_ZEROBYTES = crypto_secretbox_ZEROBYTES,
16560
- crypto_box_BOXZEROBYTES = crypto_secretbox_BOXZEROBYTES,
16561
- crypto_sign_BYTES = 64,
16562
- crypto_sign_PUBLICKEYBYTES = 32,
16563
- crypto_sign_SECRETKEYBYTES = 64,
16564
- crypto_sign_SEEDBYTES = 32,
16565
- crypto_hash_BYTES = 64;
16566
-
16567
- nacl.lowlevel = {
16568
- crypto_core_hsalsa20: crypto_core_hsalsa20,
16569
- crypto_stream_xor: crypto_stream_xor,
16570
- crypto_stream: crypto_stream,
16571
- crypto_stream_salsa20_xor: crypto_stream_salsa20_xor,
16572
- crypto_stream_salsa20: crypto_stream_salsa20,
16573
- crypto_onetimeauth: crypto_onetimeauth,
16574
- crypto_onetimeauth_verify: crypto_onetimeauth_verify,
16575
- crypto_verify_16: crypto_verify_16,
16576
- crypto_verify_32: crypto_verify_32,
16577
- crypto_secretbox: crypto_secretbox,
16578
- crypto_secretbox_open: crypto_secretbox_open,
16579
- crypto_scalarmult: crypto_scalarmult,
16580
- crypto_scalarmult_base: crypto_scalarmult_base,
16581
- crypto_box_beforenm: crypto_box_beforenm,
16582
- crypto_box_afternm: crypto_box_afternm,
16583
- crypto_box: crypto_box,
16584
- crypto_box_open: crypto_box_open,
16585
- crypto_box_keypair: crypto_box_keypair,
16586
- crypto_hash: crypto_hash,
16587
- crypto_sign: crypto_sign,
16588
- crypto_sign_keypair: crypto_sign_keypair,
16589
- crypto_sign_open: crypto_sign_open,
16590
-
16591
- crypto_secretbox_KEYBYTES: crypto_secretbox_KEYBYTES,
16592
- crypto_secretbox_NONCEBYTES: crypto_secretbox_NONCEBYTES,
16593
- crypto_secretbox_ZEROBYTES: crypto_secretbox_ZEROBYTES,
16594
- crypto_secretbox_BOXZEROBYTES: crypto_secretbox_BOXZEROBYTES,
16595
- crypto_scalarmult_BYTES: crypto_scalarmult_BYTES,
16596
- crypto_scalarmult_SCALARBYTES: crypto_scalarmult_SCALARBYTES,
16597
- crypto_box_PUBLICKEYBYTES: crypto_box_PUBLICKEYBYTES,
16598
- crypto_box_SECRETKEYBYTES: crypto_box_SECRETKEYBYTES,
16599
- crypto_box_BEFORENMBYTES: crypto_box_BEFORENMBYTES,
16600
- crypto_box_NONCEBYTES: crypto_box_NONCEBYTES,
16601
- crypto_box_ZEROBYTES: crypto_box_ZEROBYTES,
16602
- crypto_box_BOXZEROBYTES: crypto_box_BOXZEROBYTES,
16603
- crypto_sign_BYTES: crypto_sign_BYTES,
16604
- crypto_sign_PUBLICKEYBYTES: crypto_sign_PUBLICKEYBYTES,
16605
- crypto_sign_SECRETKEYBYTES: crypto_sign_SECRETKEYBYTES,
16606
- crypto_sign_SEEDBYTES: crypto_sign_SEEDBYTES,
16607
- crypto_hash_BYTES: crypto_hash_BYTES,
16608
-
16609
- gf: gf,
16610
- D: D,
16611
- L: L,
16612
- pack25519: pack25519,
16613
- unpack25519: unpack25519,
16614
- M: M,
16615
- A: A,
16616
- S: S,
16617
- Z: Z,
16618
- pow2523: pow2523,
16619
- add: add,
16620
- set25519: set25519,
16621
- modL: modL,
16622
- scalarmult: scalarmult,
16623
- scalarbase: scalarbase,
16624
- };
16625
-
16626
- /* High-level API */
16627
-
16628
- function checkLengths(k, n) {
16629
- if (k.length !== crypto_secretbox_KEYBYTES) throw new Error('bad key size');
16630
- if (n.length !== crypto_secretbox_NONCEBYTES) throw new Error('bad nonce size');
16631
- }
16632
-
16633
- function checkBoxLengths(pk, sk) {
16634
- if (pk.length !== crypto_box_PUBLICKEYBYTES) throw new Error('bad public key size');
16635
- if (sk.length !== crypto_box_SECRETKEYBYTES) throw new Error('bad secret key size');
16636
- }
16637
-
16638
- function checkArrayTypes() {
16639
- for (var i = 0; i < arguments.length; i++) {
16640
- if (!(arguments[i] instanceof Uint8Array))
16641
- throw new TypeError('unexpected type, use Uint8Array');
16642
- }
16643
- }
16644
-
16645
- function cleanup(arr) {
16646
- for (var i = 0; i < arr.length; i++) arr[i] = 0;
16647
- }
16648
-
16649
- nacl.randomBytes = function(n) {
16650
- var b = new Uint8Array(n);
16651
- randombytes(b, n);
16652
- return b;
16653
- };
16654
-
16655
- nacl.secretbox = function(msg, nonce, key) {
16656
- checkArrayTypes(msg, nonce, key);
16657
- checkLengths(key, nonce);
16658
- var m = new Uint8Array(crypto_secretbox_ZEROBYTES + msg.length);
16659
- var c = new Uint8Array(m.length);
16660
- for (var i = 0; i < msg.length; i++) m[i+crypto_secretbox_ZEROBYTES] = msg[i];
16661
- crypto_secretbox(c, m, m.length, nonce, key);
16662
- return c.subarray(crypto_secretbox_BOXZEROBYTES);
16663
- };
16664
-
16665
- nacl.secretbox.open = function(box, nonce, key) {
16666
- checkArrayTypes(box, nonce, key);
16667
- checkLengths(key, nonce);
16668
- var c = new Uint8Array(crypto_secretbox_BOXZEROBYTES + box.length);
16669
- var m = new Uint8Array(c.length);
16670
- for (var i = 0; i < box.length; i++) c[i+crypto_secretbox_BOXZEROBYTES] = box[i];
16671
- if (c.length < 32) return null;
16672
- if (crypto_secretbox_open(m, c, c.length, nonce, key) !== 0) return null;
16673
- return m.subarray(crypto_secretbox_ZEROBYTES);
16674
- };
16675
-
16676
- nacl.secretbox.keyLength = crypto_secretbox_KEYBYTES;
16677
- nacl.secretbox.nonceLength = crypto_secretbox_NONCEBYTES;
16678
- nacl.secretbox.overheadLength = crypto_secretbox_BOXZEROBYTES;
16679
-
16680
- nacl.scalarMult = function(n, p) {
16681
- checkArrayTypes(n, p);
16682
- if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size');
16683
- if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size');
16684
- var q = new Uint8Array(crypto_scalarmult_BYTES);
16685
- crypto_scalarmult(q, n, p);
16686
- return q;
16687
- };
16688
-
16689
- nacl.scalarMult.base = function(n) {
16690
- checkArrayTypes(n);
16691
- if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size');
16692
- var q = new Uint8Array(crypto_scalarmult_BYTES);
16693
- crypto_scalarmult_base(q, n);
16694
- return q;
16695
- };
16696
-
16697
- nacl.scalarMult.scalarLength = crypto_scalarmult_SCALARBYTES;
16698
- nacl.scalarMult.groupElementLength = crypto_scalarmult_BYTES;
16699
-
16700
- nacl.box = function(msg, nonce, publicKey, secretKey) {
16701
- var k = nacl.box.before(publicKey, secretKey);
16702
- return nacl.secretbox(msg, nonce, k);
16703
- };
16704
-
16705
- nacl.box.before = function(publicKey, secretKey) {
16706
- checkArrayTypes(publicKey, secretKey);
16707
- checkBoxLengths(publicKey, secretKey);
16708
- var k = new Uint8Array(crypto_box_BEFORENMBYTES);
16709
- crypto_box_beforenm(k, publicKey, secretKey);
16710
- return k;
16711
- };
16712
-
16713
- nacl.box.after = nacl.secretbox;
16714
-
16715
- nacl.box.open = function(msg, nonce, publicKey, secretKey) {
16716
- var k = nacl.box.before(publicKey, secretKey);
16717
- return nacl.secretbox.open(msg, nonce, k);
16718
- };
16719
-
16720
- nacl.box.open.after = nacl.secretbox.open;
16721
-
16722
- nacl.box.keyPair = function() {
16723
- var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);
16724
- var sk = new Uint8Array(crypto_box_SECRETKEYBYTES);
16725
- crypto_box_keypair(pk, sk);
16726
- return {publicKey: pk, secretKey: sk};
16727
- };
16728
-
16729
- nacl.box.keyPair.fromSecretKey = function(secretKey) {
16730
- checkArrayTypes(secretKey);
16731
- if (secretKey.length !== crypto_box_SECRETKEYBYTES)
16732
- throw new Error('bad secret key size');
16733
- var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES);
16734
- crypto_scalarmult_base(pk, secretKey);
16735
- return {publicKey: pk, secretKey: new Uint8Array(secretKey)};
16736
- };
16737
-
16738
- nacl.box.publicKeyLength = crypto_box_PUBLICKEYBYTES;
16739
- nacl.box.secretKeyLength = crypto_box_SECRETKEYBYTES;
16740
- nacl.box.sharedKeyLength = crypto_box_BEFORENMBYTES;
16741
- nacl.box.nonceLength = crypto_box_NONCEBYTES;
16742
- nacl.box.overheadLength = nacl.secretbox.overheadLength;
16743
-
16744
- nacl.sign = function(msg, secretKey) {
16745
- checkArrayTypes(msg, secretKey);
16746
- if (secretKey.length !== crypto_sign_SECRETKEYBYTES)
16747
- throw new Error('bad secret key size');
16748
- var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length);
16749
- crypto_sign(signedMsg, msg, msg.length, secretKey);
16750
- return signedMsg;
16751
- };
16752
-
16753
- nacl.sign.open = function(signedMsg, publicKey) {
16754
- checkArrayTypes(signedMsg, publicKey);
16755
- if (publicKey.length !== crypto_sign_PUBLICKEYBYTES)
16756
- throw new Error('bad public key size');
16757
- var tmp = new Uint8Array(signedMsg.length);
16758
- var mlen = crypto_sign_open(tmp, signedMsg, signedMsg.length, publicKey);
16759
- if (mlen < 0) return null;
16760
- var m = new Uint8Array(mlen);
16761
- for (var i = 0; i < m.length; i++) m[i] = tmp[i];
16762
- return m;
16763
- };
16764
-
16765
- nacl.sign.detached = function(msg, secretKey) {
16766
- var signedMsg = nacl.sign(msg, secretKey);
16767
- var sig = new Uint8Array(crypto_sign_BYTES);
16768
- for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i];
16769
- return sig;
16770
- };
16771
-
16772
- nacl.sign.detached.verify = function(msg, sig, publicKey) {
16773
- checkArrayTypes(msg, sig, publicKey);
16774
- if (sig.length !== crypto_sign_BYTES)
16775
- throw new Error('bad signature size');
16776
- if (publicKey.length !== crypto_sign_PUBLICKEYBYTES)
16777
- throw new Error('bad public key size');
16778
- var sm = new Uint8Array(crypto_sign_BYTES + msg.length);
16779
- var m = new Uint8Array(crypto_sign_BYTES + msg.length);
16780
- var i;
16781
- for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i];
16782
- for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i];
16783
- return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0);
16784
- };
16785
-
16786
- nacl.sign.keyPair = function() {
16787
- var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);
16788
- var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);
16789
- crypto_sign_keypair(pk, sk);
16790
- return {publicKey: pk, secretKey: sk};
16791
- };
16792
-
16793
- nacl.sign.keyPair.fromSecretKey = function(secretKey) {
16794
- checkArrayTypes(secretKey);
16795
- if (secretKey.length !== crypto_sign_SECRETKEYBYTES)
16796
- throw new Error('bad secret key size');
16797
- var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);
16798
- for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i];
16799
- return {publicKey: pk, secretKey: new Uint8Array(secretKey)};
16800
- };
16801
-
16802
- nacl.sign.keyPair.fromSeed = function(seed) {
16803
- checkArrayTypes(seed);
16804
- if (seed.length !== crypto_sign_SEEDBYTES)
16805
- throw new Error('bad seed size');
16806
- var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);
16807
- var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);
16808
- for (var i = 0; i < 32; i++) sk[i] = seed[i];
16809
- crypto_sign_keypair(pk, sk, true);
16810
- return {publicKey: pk, secretKey: sk};
16811
- };
16812
-
16813
- nacl.sign.publicKeyLength = crypto_sign_PUBLICKEYBYTES;
16814
- nacl.sign.secretKeyLength = crypto_sign_SECRETKEYBYTES;
16815
- nacl.sign.seedLength = crypto_sign_SEEDBYTES;
16816
- nacl.sign.signatureLength = crypto_sign_BYTES;
16817
-
16818
- nacl.hash = function(msg) {
16819
- checkArrayTypes(msg);
16820
- var h = new Uint8Array(crypto_hash_BYTES);
16821
- crypto_hash(h, msg, msg.length);
16822
- return h;
16823
- };
16824
-
16825
- nacl.hash.hashLength = crypto_hash_BYTES;
16826
-
16827
- nacl.verify = function(x, y) {
16828
- checkArrayTypes(x, y);
16829
- // Zero length arguments are considered not equal.
16830
- if (x.length === 0 || y.length === 0) return false;
16831
- if (x.length !== y.length) return false;
16832
- return (vn(x, 0, y, 0, x.length) === 0) ? true : false;
16833
- };
16834
-
16835
- nacl.setPRNG = function(fn) {
16836
- randombytes = fn;
16837
- };
16838
-
16839
- (function() {
16840
- // Initialize PRNG if environment provides CSPRNG.
16841
- // If not, methods calling randombytes will throw.
16842
- var crypto = typeof self !== 'undefined' ? (self.crypto || self.msCrypto) : null;
16843
- if (crypto && crypto.getRandomValues) {
16844
- // Browsers.
16845
- var QUOTA = 65536;
16846
- nacl.setPRNG(function(x, n) {
16847
- var i, v = new Uint8Array(n);
16848
- for (i = 0; i < n; i += QUOTA) {
16849
- crypto.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA)));
16850
- }
16851
- for (i = 0; i < n; i++) x[i] = v[i];
16852
- cleanup(v);
16853
- });
16854
- } else if (typeof commonjsRequire !== 'undefined') {
16855
- // Node.js.
16856
- crypto = require$$0;
16857
- if (crypto && crypto.randomBytes) {
16858
- nacl.setPRNG(function(x, n) {
16859
- var i, v = crypto.randomBytes(n);
16860
- for (i = 0; i < n; i++) x[i] = v[i];
16861
- cleanup(v);
16862
- });
16863
- }
16864
- }
16865
- })();
16866
-
16867
- })(module.exports ? module.exports : (self.nacl = self.nacl || {}));
16868
- } (naclFast));
16869
- return naclFast.exports;
16870
- }
16871
-
16872
- var naclFastExports = requireNaclFast();
16873
- var nacl = /*@__PURE__*/getDefaultExportFromCjs$1(naclFastExports);
16874
-
16875
14499
  const DEVICE_ID_KEY = 'poofnet:deviceId';
16876
14500
  const WALLETS_KEY = (appId) => `poofnet:mockWallets:${appId}`;
16877
14501
  const AUTH_METHOD = 'poofnet-mock';
@@ -18477,7 +16101,7 @@ async function loadDependencies() {
18477
16101
  const [reactModule, reactDomModule, phantomModule] = await Promise.all([
18478
16102
  import('react'),
18479
16103
  import('react-dom/client'),
18480
- Promise.resolve().then(function () { return require('./index-CEADZ0na.js'); })
16104
+ Promise.resolve().then(function () { return require('./index-Aw2d-l7b.js'); })
18481
16105
  ]);
18482
16106
  // Extract default export from ESM module namespace
18483
16107
  // Dynamic import() returns { default: Module, ...exports }, not the module directly
@@ -18928,19 +16552,9 @@ class PhantomWalletProvider {
18928
16552
  that.awaitTopLevelConnect();
18929
16553
  return;
18930
16554
  }
18931
- // C2: pre-warm Chrome's Local Network Access permission inside the
18932
- // tap gesture, so its prompt appears up-front instead of on return
18933
- // from the wallet (MWA opens a ws://localhost reflector only after
18934
- // the app-switch, which is why the prompt currently lands on return).
18935
- // Best-effort, Android top-level only. DEVICE-TEST: confirm Chrome
18936
- // grants this per-origin (so MWA's later random-port socket reuses
18937
- // it). If LNA turns out to be per-port, this won't pre-grant — cut it.
18938
- if (detectAndroid() && typeof WebSocket !== 'undefined') {
18939
- try {
18940
- new WebSocket('ws://localhost:1');
18941
- }
18942
- catch ( /* noop */_a) { /* noop */ }
18943
- }
16555
+ // LNA permission is handled by @solana-mobile/wallet-standard-mobile
16556
+ // >=0.5.0's checkLocalNetworkAccessPermission (three-stage UX, fired
16557
+ // before the localhost reflector opens). No homemade pre-warm needed.
18944
16558
  if (that.onSwitchToMWA) {
18945
16559
  try {
18946
16560
  const mwaProvider = await that.onSwitchToMWA();
@@ -23243,26 +20857,16 @@ function requireSrc () {
23243
20857
  return src;
23244
20858
  }
23245
20859
 
23246
- var bs58;
23247
- var hasRequiredBs58;
23248
-
23249
- function requireBs58 () {
23250
- if (hasRequiredBs58) return bs58;
23251
- hasRequiredBs58 = 1;
23252
- var basex = requireSrc();
23253
- var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
23254
-
23255
- bs58 = basex(ALPHABET);
23256
- return bs58;
23257
- }
20860
+ var srcExports = requireSrc();
20861
+ var basex = /*@__PURE__*/getDefaultExportFromCjs$1(srcExports);
23258
20862
 
23259
- var bs58Exports = requireBs58();
23260
- var base58 = /*@__PURE__*/getDefaultExportFromCjs$1(bs58Exports);
20863
+ var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
20864
+ var base58 = basex(ALPHABET);
23261
20865
 
23262
- var index = /*#__PURE__*/_mergeNamespaces({
20866
+ var index = /*#__PURE__*/Object.freeze({
23263
20867
  __proto__: null,
23264
20868
  default: base58
23265
- }, [bs58Exports]);
20869
+ });
23266
20870
 
23267
20871
  const SURFNET_RPC_URL$1 = "https://surfpool.fly.dev";
23268
20872
  let React;
@@ -24678,7 +22282,7 @@ async function registerMobileWalletAdapter(config) {
24678
22282
  if (typeof window === 'undefined')
24679
22283
  return;
24680
22284
  try {
24681
- const walletStandardMobile = await Promise.resolve().then(function () { return require('./index.browser-C9AVHEa4.js'); });
22285
+ const walletStandardMobile = await Promise.resolve().then(function () { return require('./index.browser-DIbh5a17.js'); });
24682
22286
  const registerMwa = walletStandardMobile.registerMwa || ((_a = walletStandardMobile.default) === null || _a === void 0 ? void 0 : _a.registerMwa);
24683
22287
  if (!registerMwa) {
24684
22288
  console.warn('[SolanaMobileWallet] registerMwa not found in @solana-mobile/wallet-standard-mobile');
@@ -24817,7 +22421,7 @@ class SolanaMobileWalletProvider {
24817
22421
  async ensureWallet() {
24818
22422
  if (this.wallet)
24819
22423
  return this.wallet;
24820
- const mod = await Promise.resolve().then(function () { return require('./index.browser-C9AVHEa4.js'); });
22424
+ const mod = await Promise.resolve().then(function () { return require('./index.browser-DIbh5a17.js'); });
24821
22425
  const chain = mapChainToWalletStandard(this.cluster);
24822
22426
  this.wallet = new mod.LocalSolanaMobileWalletAdapterWallet({
24823
22427
  appIdentity: this.appIdentity,
@@ -26068,4 +23672,4 @@ exports.signTransaction = signTransaction;
26068
23672
  exports.subscribe = subscribe;
26069
23673
  exports.useAuth = useAuth;
26070
23674
  exports.usePoofnetWallet = usePoofnetWallet;
26071
- //# sourceMappingURL=index-DHI02_l_.js.map
23675
+ //# sourceMappingURL=index-CNeBXwNA.js.map