npm - shogun-core - Versions diffs - 5.2.0 → 5.2.1 - Mend

shogun-core 5.2.0 → 5.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (185) hide show

package/dist/browser/defaultVendors-node_modules_hpke_chacha20poly1305_esm_mod_js.shogun-core.js +1220 -0
package/dist/browser/defaultVendors-node_modules_hpke_chacha20poly1305_esm_mod_js.shogun-core.js.map +1 -0
package/dist/browser/defaultVendors-node_modules_hpke_hybridkem-x-wing_esm_mod_js.shogun-core.js +844 -0
package/dist/browser/defaultVendors-node_modules_hpke_hybridkem-x-wing_esm_mod_js.shogun-core.js.map +1 -0
package/dist/browser/defaultVendors-node_modules_mlkem_esm_mod_js.shogun-core.js +2335 -0
package/dist/browser/defaultVendors-node_modules_mlkem_esm_mod_js.shogun-core.js.map +1 -0
package/dist/browser/defaultVendors-node_modules_noble_ciphers_chacha_js.shogun-core.js +999 -0
package/dist/browser/defaultVendors-node_modules_noble_ciphers_chacha_js.shogun-core.js.map +1 -0
package/dist/browser/defaultVendors-node_modules_noble_curves_esm_abstract_curve_js-node_modules_noble_curves_esm_-1ce4ed.shogun-core.js +1651 -0
package/dist/browser/defaultVendors-node_modules_noble_curves_esm_abstract_curve_js-node_modules_noble_curves_esm_-1ce4ed.shogun-core.js.map +1 -0
package/dist/browser/defaultVendors-node_modules_noble_curves_esm_abstract_edwards_js-node_modules_noble_curves_es-a82056.shogun-core.js +825 -0
package/dist/browser/defaultVendors-node_modules_noble_curves_esm_abstract_edwards_js-node_modules_noble_curves_es-a82056.shogun-core.js.map +1 -0
package/dist/browser/defaultVendors-node_modules_noble_curves_esm_ed25519_js.shogun-core.js +508 -0
package/dist/browser/defaultVendors-node_modules_noble_curves_esm_ed25519_js.shogun-core.js.map +1 -0
package/dist/browser/defaultVendors-node_modules_noble_curves_esm_ed448_js.shogun-core.js +747 -0
package/dist/browser/defaultVendors-node_modules_noble_curves_esm_ed448_js.shogun-core.js.map +1 -0
package/dist/browser/defaultVendors-node_modules_noble_curves_esm_nist_js.shogun-core.js +1608 -0
package/dist/browser/defaultVendors-node_modules_noble_curves_esm_nist_js.shogun-core.js.map +1 -0
package/dist/browser/defaultVendors-node_modules_noble_post-quantum_ml-dsa_js.shogun-core.js +2117 -0
package/dist/browser/defaultVendors-node_modules_noble_post-quantum_ml-dsa_js.shogun-core.js.map +1 -0
package/dist/browser/defaultVendors-node_modules_openpgp_dist_openpgp_min_mjs.shogun-core.js +86 -0
package/dist/browser/defaultVendors-node_modules_openpgp_dist_openpgp_min_mjs.shogun-core.js.map +1 -0
package/dist/browser/node_modules_hpke_ml-kem_esm_mod_js.shogun-core.js +539 -0
package/dist/browser/node_modules_hpke_ml-kem_esm_mod_js.shogun-core.js.map +1 -0
package/dist/browser/shogun-core.js +160386 -0
package/dist/browser/shogun-core.js.map +1 -0
package/dist/config/simplified-config.js +236 -0
package/dist/core.js +329 -0
package/dist/crypto/asymmetric.js +99 -0
package/dist/crypto/double-ratchet.js +370 -0
package/dist/crypto/file-encryption.js +213 -0
package/dist/crypto/hashing.js +87 -0
package/dist/crypto/index.js +34 -0
package/dist/crypto/mls-codec.js +202 -0
package/dist/crypto/mls.js +550 -0
package/dist/crypto/pgp.js +390 -0
package/dist/crypto/random-generation.js +341 -0
package/dist/crypto/sframe.js +350 -0
package/dist/crypto/signal-protocol.js +376 -0
package/dist/crypto/symmetric.js +91 -0
package/dist/crypto/types.js +2 -0
package/dist/crypto/utils.js +140 -0
package/dist/examples/auth-test.js +253 -0
package/dist/examples/crypto-identity-example.js +151 -0
package/dist/examples/crypto-working-test.js +83 -0
package/dist/examples/double-ratchet-test.js +155 -0
package/dist/examples/mls-advanced-example.js +294 -0
package/dist/examples/mls-sframe-test.js +304 -0
package/dist/examples/pgp-example.js +200 -0
package/dist/examples/quick-auth-test.js +61 -0
package/dist/examples/random-generation-test.js +151 -0
package/dist/examples/signal-protocol-test.js +38 -0
package/dist/examples/simple-api-test.js +114 -0
package/dist/examples/simple-crypto-identity-example.js +84 -0
package/dist/examples/timeout-test.js +227 -0
package/dist/examples/zkproof-credentials-example.js +212 -0
package/dist/examples/zkproof-example.js +201 -0
package/dist/gundb/api.js +435 -0
package/dist/gundb/crypto.js +283 -0
package/dist/gundb/db.js +1946 -0
package/dist/gundb/derive.js +232 -0
package/dist/gundb/errors.js +76 -0
package/dist/gundb/index.js +22 -0
package/dist/gundb/rxjs.js +447 -0
package/dist/gundb/types.js +5 -0
package/dist/index.js +58 -0
package/dist/interfaces/common.js +2 -0
package/dist/interfaces/events.js +40 -0
package/dist/interfaces/plugin.js +2 -0
package/dist/interfaces/shogun.js +37 -0
package/dist/managers/AuthManager.js +226 -0
package/dist/managers/CoreInitializer.js +228 -0
package/dist/managers/CryptoIdentityManager.js +366 -0
package/dist/managers/EventManager.js +70 -0
package/dist/managers/PluginManager.js +299 -0
package/dist/plugins/base.js +50 -0
package/dist/plugins/index.js +32 -0
package/dist/plugins/nostr/index.js +20 -0
package/dist/plugins/nostr/nostrConnector.js +419 -0
package/dist/plugins/nostr/nostrConnectorPlugin.js +453 -0
package/dist/plugins/nostr/nostrSigner.js +319 -0
package/dist/plugins/nostr/types.js +2 -0
package/dist/plugins/smartwallet/index.js +18 -0
package/dist/plugins/smartwallet/smartWalletPlugin.js +511 -0
package/dist/plugins/smartwallet/types.js +2 -0
package/dist/plugins/web3/index.js +20 -0
package/dist/plugins/web3/types.js +2 -0
package/dist/plugins/web3/web3Connector.js +533 -0
package/dist/plugins/web3/web3ConnectorPlugin.js +455 -0
package/dist/plugins/web3/web3Signer.js +314 -0
package/dist/plugins/webauthn/index.js +19 -0
package/dist/plugins/webauthn/types.js +14 -0
package/dist/plugins/webauthn/webauthn.js +496 -0
package/dist/plugins/webauthn/webauthnPlugin.js +489 -0
package/dist/plugins/webauthn/webauthnSigner.js +310 -0
package/dist/plugins/zkproof/index.js +53 -0
package/dist/plugins/zkproof/types.js +2 -0
package/dist/plugins/zkproof/zkCredentials.js +213 -0
package/dist/plugins/zkproof/zkProofConnector.js +198 -0
package/dist/plugins/zkproof/zkProofPlugin.js +272 -0
package/dist/storage/storage.js +145 -0
package/dist/types/config/simplified-config.d.ts +114 -0
package/dist/types/core.d.ts +305 -0
package/dist/types/crypto/asymmetric.d.ts +6 -0
package/dist/types/crypto/double-ratchet.d.ts +22 -0
package/dist/types/crypto/file-encryption.d.ts +19 -0
package/dist/types/crypto/hashing.d.ts +9 -0
package/dist/types/crypto/index.d.ts +13 -0
package/dist/types/crypto/mls-codec.d.ts +39 -0
package/dist/types/crypto/mls.d.ts +130 -0
package/dist/types/crypto/pgp.d.ts +95 -0
package/dist/types/crypto/random-generation.d.ts +35 -0
package/dist/types/crypto/sframe.d.ts +102 -0
package/dist/types/crypto/signal-protocol.d.ts +26 -0
package/dist/types/crypto/symmetric.d.ts +9 -0
package/dist/types/crypto/types.d.ts +144 -0
package/dist/types/crypto/utils.d.ts +22 -0
package/dist/types/examples/auth-test.d.ts +8 -0
package/dist/types/examples/crypto-identity-example.d.ts +5 -0
package/dist/types/examples/crypto-working-test.d.ts +1 -0
package/dist/types/examples/double-ratchet-test.d.ts +1 -0
package/dist/types/examples/mls-advanced-example.d.ts +53 -0
package/dist/types/examples/mls-sframe-test.d.ts +1 -0
package/dist/types/examples/pgp-example.d.ts +75 -0
package/dist/types/examples/quick-auth-test.d.ts +8 -0
package/dist/types/examples/random-generation-test.d.ts +1 -0
package/dist/types/examples/signal-protocol-test.d.ts +1 -0
package/dist/types/examples/simple-api-test.d.ts +10 -0
package/dist/types/examples/simple-crypto-identity-example.d.ts +6 -0
package/dist/types/examples/timeout-test.d.ts +8 -0
package/dist/types/examples/zkproof-credentials-example.d.ts +12 -0
package/dist/types/examples/zkproof-example.d.ts +11 -0
package/dist/types/gundb/api.d.ts +185 -0
package/dist/types/gundb/crypto.d.ts +95 -0
package/dist/types/gundb/db.d.ts +397 -0
package/dist/types/gundb/derive.d.ts +21 -0
package/dist/types/gundb/errors.d.ts +42 -0
package/dist/types/gundb/index.d.ts +3 -0
package/dist/types/gundb/rxjs.d.ts +110 -0
package/dist/types/gundb/types.d.ts +255 -0
package/dist/types/index.d.ts +16 -0
package/dist/types/interfaces/common.d.ts +85 -0
package/dist/types/interfaces/events.d.ts +131 -0
package/dist/types/interfaces/plugin.d.ts +162 -0
package/dist/types/interfaces/shogun.d.ts +208 -0
package/dist/types/managers/AuthManager.d.ts +72 -0
package/dist/types/managers/CoreInitializer.d.ts +40 -0
package/dist/types/managers/CryptoIdentityManager.d.ts +102 -0
package/dist/types/managers/EventManager.d.ts +49 -0
package/dist/types/managers/PluginManager.d.ts +145 -0
package/dist/types/plugins/base.d.ts +35 -0
package/dist/types/plugins/index.d.ts +18 -0
package/dist/types/plugins/nostr/index.d.ts +4 -0
package/dist/types/plugins/nostr/nostrConnector.d.ts +119 -0
package/dist/types/plugins/nostr/nostrConnectorPlugin.d.ts +163 -0
package/dist/types/plugins/nostr/nostrSigner.d.ts +105 -0
package/dist/types/plugins/nostr/types.d.ts +122 -0
package/dist/types/plugins/smartwallet/index.d.ts +2 -0
package/dist/types/plugins/smartwallet/smartWalletPlugin.d.ts +67 -0
package/dist/types/plugins/smartwallet/types.d.ts +80 -0
package/dist/types/plugins/web3/index.d.ts +4 -0
package/dist/types/plugins/web3/types.d.ts +107 -0
package/dist/types/plugins/web3/web3Connector.d.ts +129 -0
package/dist/types/plugins/web3/web3ConnectorPlugin.d.ts +160 -0
package/dist/types/plugins/web3/web3Signer.d.ts +114 -0
package/dist/types/plugins/webauthn/index.d.ts +3 -0
package/dist/types/plugins/webauthn/types.d.ts +183 -0
package/dist/types/plugins/webauthn/webauthn.d.ts +129 -0
package/dist/types/plugins/webauthn/webauthnPlugin.d.ts +179 -0
package/dist/types/plugins/webauthn/webauthnSigner.d.ts +91 -0
package/dist/types/plugins/zkproof/index.d.ts +48 -0
package/dist/types/plugins/zkproof/types.d.ts +123 -0
package/dist/types/plugins/zkproof/zkCredentials.d.ts +112 -0
package/dist/types/plugins/zkproof/zkProofConnector.d.ts +46 -0
package/dist/types/plugins/zkproof/zkProofPlugin.d.ts +76 -0
package/dist/types/storage/storage.d.ts +51 -0
package/dist/types/utils/errorHandler.d.ts +119 -0
package/dist/types/utils/eventEmitter.d.ts +39 -0
package/dist/types/utils/seedPhrase.d.ts +50 -0
package/dist/types/utils/validation.d.ts +27 -0
package/dist/utils/errorHandler.js +246 -0
package/dist/utils/eventEmitter.js +79 -0
package/dist/utils/seedPhrase.js +97 -0
package/dist/utils/validation.js +81 -0
package/package.json +10 -1

package/dist/browser/defaultVendors-node_modules_hpke_chacha20poly1305_esm_mod_js.shogun-core.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"defaultVendors-node_modules_hpke_chacha20poly1305_esm_mod_js.shogun-core.js","mappings":";;;;;;;;;;;;;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACO;AACP;AACA,iDAAiD,EAAE;AACnD;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA,oCAAoC,MAAM;AAC1C,+CAA+C,OAAO;AACtD,sCAAsC,IAAI,YAAY,aAAa;AACnE;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACO;AACP;AACA;AACA;AACO;AACP,oBAAoB,mBAAmB;AACvC;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,2CAA2C,aAAa;AACxD;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,kBAAkB;AACtC;AACA;AACA;AACA;AACA;AACA,iBAAiB;AACjB;AACA;AACA,+BAA+B;AAC/B;AACA,qCAAqC;AACrC;AACA,qCAAqC;AACrC;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B,SAAS;AACtC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA,kDAAkD;AAClD;AACA;AACA;AACO;AACP;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA,0DAA0D;AAC1D;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA,oBAAoB,mBAAmB;AACvC;AACA;AACA;AACA;AACA;AACA,6BAA6B,mBAAmB;AAChD;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA,oBAAoB,cAAc;AAClC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACO;AACP;AACA;;;AC/TA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;;AAEA;AACA,+BAA+B;AAC/B,+BAA+B;;AAE/B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACuF;AACvF;AACA;AACA;AACA;AACA,mBAAmB,GAAG;AACtB,mBAAmB,GAAG;AACtB;AACO;AACP;AACA;AACA;AACA,SAAS,gBAAW;AACpB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB,GAAG;AACnB;AACA,sBAAsB,gBAAW,UAAU,gBAAW;AACtD,4BAA4B,GAAG;AAC/B,4BAA4B,GAAG;AAC/B,sBAAsB,WAAW;AACjC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC,iBAAiB;AACnD;AACA;AACA;AACA;AACA;AACA;AACA,8BAA8B,UAAU;AACxC;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP,YAAY,qEAAqE,EAAE,SAAS;AAC5F;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA,IAAI,OAAO;AACX,IAAI,OAAO;AACX,IAAI,KAAK;AACT,IAAI,KAAK;AACT;AACA,QAAQ,MAAM;AACd,QAAQ,MAAM;AACd,QAAQ,MAAM;AACd;AACA;AACA;AACA,QAAQ,MAAM;AACd,QAAQ,OAAO;AACf;AACA;AACA;AACA;AACA,4CAA4C,cAAc,0BAA0B,IAAI;AACxF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B,SAAS;AACtC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,MAAM;AAClB;AACA,yFAAyF,EAAE;AAC3F;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa,gBAAW;AACxB,iCAAiC,SAAS;AAC1C,oBAAoB,GAAG;AACvB;AACA;AACA;AACA;AACA;AACA,sCAAsC,GAAG;AACzC;AACA;AACA;AACA;AACA;AACA,kDAAkD,YAAY;AAC9D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,GAAG;AACvB;AACA,QAAQ,KAAK;AACb;AACA;AACA;;;AC3LA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACyE;AACzE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+DAA+D;AAC/D,+DAA+D;AAC/D;AACA;AACA;AACA;AACA;AACA,qBAAqB,gBAAgB;AACrC;AACA;AACA;AACA;AACA;AACA,gDAAgD;AAChD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS,GAAG;AACZ;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT,cAAc,SAAS,CAAC,MAAM;AAC9B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,OAAO;AAC/B;AACA;AACA;AACA;AACA,gBAAgB,OAAO;AACvB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB,SAAS;AACzB;AACA;AACA;AACA,wBAAwB,QAAQ;AAChC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,QAAQ;AAChC;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,QAAQ;AAChC;AACA;AACA,wBAAwB,QAAQ;AAChC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,OAAO;AAC/B;AACA;AACA;AACA,QAAQ,KAAK;AACb;AACA;AACA,QAAQ,OAAO;AACf,QAAQ,MAAM;AACd,eAAe,SAAS;AACxB,gBAAgB,mBAAmB;AACnC;AACA,0BAA0B,UAAU;AACpC;AACA;AACA;AACA,uBAAuB,uBAAuB;AAC9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ,KAAK;AACb;AACA;AACA,QAAQ,OAAO;AACf,QAAQ,OAAO;AACf;AACA,gBAAgB,YAAY;AAC5B,cAAc,MAAM;AACpB;AACA;AACA,mBAAmB,UAAU;AAC7B;AACA;AACA;AACA;AACA;AACA,wBAAwB,OAAO;AAC/B;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB,oBAAoB;AACpC;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA,8CAA8C;AAC9C;AACA;AACA;AACA;AACA;AACA;AACO;AACP;;;ACxXA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAC+C;AACL;AACiD;AAC3F;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mDAAmD;AACnD;AACA;AACA,oBAAoB,YAAY;AAChC;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA,cAAc,IAAI;AAClB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,iCAAiC,YAAY;AACpD;AACA;AACA;AACA,CAAC;AACD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ,MAAM;AACd;AACA,oBAAoB,UAAU;AAC9B;AACA;AACA,cAAc,QAAQ;AACtB;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA,qBAAqB,SAAS;AAC9B;AACA;AACA;AACA;AACA;AACA,sCAAsC;AACtC,YAAY,KAAK;AACjB;AACA,SAAS;AACT;AACA,qBAAqB,SAAS;AAC9B;AACA;AACA;AACA,iBAAiB,UAAU;AAC3B;AACA;AACA;AACA,sDAAsD;AACtD,YAAY,KAAK;AACjB;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,yCAAyC,UAAU,GAAG,+CAA+C;;;;;AC1MtD;AAChB;AAC/B;AACP;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,gBAAgB;AACxC;AACA,SAAS;AACT;AACA;AACA;AACA,wBAAwB,gBAAgB;AACxC;AACA,SAAS;AACT;AACA;AACA;AACA,oDAAoD,oBAAoB;AACxE;AACA;AACA,+BAA+B,yBAAyB;AACxD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA,IAAI,kEAAkE;AACtE;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA,mBAAmB,UAAM;AACzB,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;;;AC9F6D","sources":["webpack://ShogunCore/./node_modules/@hpke/chacha20poly1305/esm/src/chacha/utils.js","webpack://ShogunCore/./node_modules/@hpke/chacha20poly1305/esm/src/chacha/_arx.js","webpack://ShogunCore/./node_modules/@hpke/chacha20poly1305/esm/src/chacha/_poly1305.js","webpack://ShogunCore/./node_modules/@hpke/chacha20poly1305/esm/src/chacha/chacha.js","webpack://ShogunCore/./node_modules/@hpke/chacha20poly1305/esm/src/chacha20Poly1305.js","webpack://ShogunCore/./node_modules/@hpke/chacha20poly1305/esm/mod.js"],"sourcesContent":["/**\n * This file is based on noble-ciphers (https://github.com/paulmillr/noble-ciphers).\n *\n * noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com)\n *\n * The original file is located at:\n * https://github.com/paulmillr/noble-ciphers/blob/749cdf9cd07ebdd19e9b957d0f172f1045179695/src/utils.ts\n */\n/**\n * Utilities for hex, bytes, CSPRNG.\n * @module\n */\n/** Checks if something is Uint8Array. Be careful: nodejs Buffer will return true. */\nexport function isBytes(a) {\n return a instanceof Uint8Array ||\n (ArrayBuffer.isView(a) && a.constructor.name === \"Uint8Array\");\n}\n/** Asserts something is boolean. */\nexport function abool(b) {\n if (typeof b !== \"boolean\")\n throw new Error(`boolean expected, not ${b}`);\n}\n/** Asserts something is positive integer. */\nexport function anumber(n) {\n if (!Number.isSafeInteger(n) || n < 0) {\n throw new Error(\"positive integer expected, got \" + n);\n }\n}\n/** Asserts something is Uint8Array. */\nexport function abytes(value, length, title = \"\") {\n const bytes = isBytes(value);\n const len = value?.length;\n const needsLen = length !== undefined;\n if (!bytes || (needsLen && len !== length)) {\n const prefix = title && `\"${title}\" `;\n const ofLen = needsLen ? ` of length ${length}` : \"\";\n const got = bytes ? `length=${len}` : `type=${typeof value}`;\n throw new Error(prefix + \"expected Uint8Array\" + ofLen + \", got \" + got);\n }\n return value;\n}\n/** Asserts a hash instance has not been destroyed / finished */\n// deno-lint-ignore no-explicit-any\nexport function aexists(instance, checkFinished = true) {\n if (instance.destroyed)\n throw new Error(\"Hash instance has been destroyed\");\n if (checkFinished && instance.finished) {\n throw new Error(\"Hash#digest() has already been called\");\n }\n}\n/** Asserts output is properly-sized byte array */\n// deno-lint-ignore no-explicit-any\nexport function aoutput(out, instance) {\n abytes(out, undefined, \"output\");\n const min = instance.outputLen;\n if (out.length < min) {\n throw new Error(\"digestInto() expects output buffer of length at least \" + min);\n }\n}\n/** Cast u8 / u16 / u32 to u8. */\nexport function u8(arr) {\n return new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);\n}\n/** Cast u8 / u16 / u32 to u32. */\nexport function u32(arr) {\n return new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n}\n/** Zeroize a byte array. Warning: JS provides no guarantees. */\nexport function clean(...arrays) {\n for (let i = 0; i < arrays.length; i++) {\n arrays[i].fill(0);\n }\n}\n/** Create DataView of an array for easy byte-level manipulation. */\nexport function createView(arr) {\n return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);\n}\n/** Is current platform little-endian? Most are. Big-Endian platform: IBM */\nexport const isLE = \n/* @__PURE__ */ (() => new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44)();\n// Built-in hex conversion https://caniuse.com/mdn-javascript_builtins_uint8array_fromhex\nconst hasHexBuiltin = /* @__PURE__ */ (() => \n// @ts-ignore: to use toHex\ntypeof Uint8Array.from([]).toHex === \"function\" &&\n // @ts-ignore: to use fromHex\n typeof Uint8Array.fromHex === \"function\")();\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, \"0\"));\n/**\n * Convert byte array to hex string. Uses built-in function, when available.\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes) {\n abytes(bytes);\n // @ts-ignore: to use toHex\n if (hasHexBuiltin)\n return bytes.toHex();\n // pre-caching improves the speed 6x\n let hex = \"\";\n for (let i = 0; i < bytes.length; i++) {\n hex += hexes[bytes[i]];\n }\n return hex;\n}\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };\nfunction asciiToBase16(ch) {\n if (ch >= asciis._0 && ch <= asciis._9)\n return ch - asciis._0; // '2' => 50-48\n if (ch >= asciis.A && ch <= asciis.F)\n return ch - (asciis.A - 10); // 'B' => 66-(65-10)\n if (ch >= asciis.a && ch <= asciis.f)\n return ch - (asciis.a - 10); // 'b' => 98-(97-10)\n return;\n}\n/**\n * Convert hex string to byte array. Uses built-in function, when available.\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex) {\n if (typeof hex !== \"string\") {\n throw new Error(\"hex string expected, got \" + typeof hex);\n }\n // @ts-ignore: to use fromHex\n if (hasHexBuiltin)\n return Uint8Array.fromHex(hex);\n const hl = hex.length;\n const al = hl / 2;\n if (hl % 2) {\n throw new Error(\"hex string expected, got unpadded hex of length \" + hl);\n }\n const array = new Uint8Array(al);\n for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n const n1 = asciiToBase16(hex.charCodeAt(hi));\n const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n if (n1 === undefined || n2 === undefined) {\n const char = hex[hi] + hex[hi + 1];\n throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' +\n hi);\n }\n array[ai] = n1 * 16 + n2; // multiply first octet, e.g. 'a3' => 10*16+3 => 160 + 3 => 163\n }\n return array;\n}\n// Used in micro\nexport function hexToNumber(hex) {\n if (typeof hex !== \"string\") {\n throw new Error(\"hex string expected, got \" + typeof hex);\n }\n return BigInt(hex === \"\" ? \"0\" : \"0x\" + hex); // Big Endian\n}\n// Used in ff1\n// BE: Big Endian, LE: Little Endian\nexport function bytesToNumberBE(bytes) {\n return hexToNumber(bytesToHex(bytes));\n}\n// Used in micro, ff1\nexport function numberToBytesBE(n, len) {\n return hexToBytes(n.toString(16).padStart(len * 2, \"0\"));\n}\n/**\n * Converts string to bytes using UTF8 encoding.\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\nexport function utf8ToBytes(str) {\n if (typeof str !== \"string\")\n throw new Error(\"string expected\");\n return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n/**\n * Converts bytes to string using UTF8 encoding.\n * @example bytesToUtf8(new Uint8Array([97, 98, 99])) // 'abc'\n */\nexport function bytesToUtf8(bytes) {\n return new TextDecoder().decode(bytes);\n}\n/**\n * Checks if two U8A use same underlying buffer and overlaps.\n * This is invalid and can corrupt data.\n */\nexport function overlapBytes(a, b) {\n return (a.buffer === b.buffer && // best we can do, may fail with an obscure Proxy\n a.byteOffset < b.byteOffset + b.byteLength && // a starts before b end\n b.byteOffset < a.byteOffset + a.byteLength // b starts before a end\n );\n}\n/**\n * If input and output overlap and input starts before output, we will overwrite end of input before\n * we start processing it, so this is not supported for most ciphers (except chacha/salse, which designed with this)\n */\nexport function complexOverlapBytes(input, output) {\n // This is very cursed. It works somehow, but I'm completely unsure,\n // reasoning about overlapping aligned windows is very hard.\n if (overlapBytes(input, output) && input.byteOffset < output.byteOffset) {\n throw new Error(\"complex overlap of input and output is not supported\");\n }\n}\n/**\n * Copies several Uint8Arrays into one.\n */\nexport function concatBytes(...arrays) {\n let sum = 0;\n for (let i = 0; i < arrays.length; i++) {\n const a = arrays[i];\n abytes(a);\n sum += a.length;\n }\n const res = new Uint8Array(sum);\n for (let i = 0, pad = 0; i < arrays.length; i++) {\n const a = arrays[i];\n res.set(a, pad);\n pad += a.length;\n }\n return res;\n}\nexport function checkOpts(defaults, opts) {\n if (opts == null || typeof opts !== \"object\") {\n throw new Error(\"options must be defined\");\n }\n const merged = Object.assign(defaults, opts);\n return merged;\n}\n/** Compares 2 uint8array-s in kinda constant time. */\nexport function equalBytes(a, b) {\n if (a.length !== b.length)\n return false;\n let diff = 0;\n for (let i = 0; i < a.length; i++)\n diff |= a[i] ^ b[i];\n return diff === 0;\n}\n/**\n * Wraps a cipher: validates args, ensures encrypt() can only be called once.\n * @__NO_SIDE_EFFECTS__\n */\n// deno-lint-ignore no-explicit-any\nexport const wrapCipher = (params, constructor) => {\n // deno-lint-ignore no-explicit-any\n function wrappedCipher(key, ...args) {\n // Validate key\n abytes(key, undefined, \"key\");\n // Big-Endian hardware is rare. Just in case someone still decides to run ciphers:\n if (!isLE) {\n throw new Error(\"Non little-endian hardware is not yet supported\");\n }\n // Validate nonce if nonceLength is present\n if (params.nonceLength !== undefined) {\n const nonce = args[0];\n abytes(nonce, params.varSizeNonce ? undefined : params.nonceLength, \"nonce\");\n }\n // Validate AAD if tagLength present\n const tagl = params.tagLength;\n if (tagl && args[1] !== undefined)\n abytes(args[1], undefined, \"AAD\");\n const cipher = constructor(key, ...args);\n const checkOutput = (fnLength, output) => {\n if (output !== undefined) {\n if (fnLength !== 2)\n throw new Error(\"cipher output not supported\");\n abytes(output, undefined, \"output\");\n }\n };\n // Create wrapped cipher with validation and single-use encryption\n let called = false;\n const wrCipher = {\n encrypt(data, output) {\n if (called) {\n throw new Error(\"cannot encrypt() twice with same key + nonce\");\n }\n called = true;\n abytes(data);\n checkOutput(cipher.encrypt.length, output);\n return cipher.encrypt(data, output);\n },\n decrypt(data, output) {\n abytes(data);\n if (tagl && data.length < tagl) {\n throw new Error('\"ciphertext\" expected length bigger than tagLength=' + tagl);\n }\n checkOutput(cipher.decrypt.length, output);\n return cipher.decrypt(data, output);\n },\n };\n return wrCipher;\n }\n Object.assign(wrappedCipher, params);\n return wrappedCipher;\n};\n/**\n * By default, returns u8a of length.\n * When out is available, it checks it for validity and uses it.\n */\nexport function getOutput(expectedLength, out, onlyAligned = true) {\n if (out === undefined)\n return new Uint8Array(expectedLength);\n if (out.length !== expectedLength) {\n throw new Error('\"output\" expected Uint8Array of length ' + expectedLength + \", got: \" +\n out.length);\n }\n if (onlyAligned && !isAligned32(out)) {\n throw new Error(\"invalid output, must be aligned\");\n }\n return out;\n}\nexport function u64Lengths(dataLength, aadLength, isLE) {\n abool(isLE);\n const num = new Uint8Array(16);\n const view = createView(num);\n view.setBigUint64(0, BigInt(aadLength), isLE);\n view.setBigUint64(8, BigInt(dataLength), isLE);\n return num;\n}\n// Is byte array aligned to 4 byte offset (u32)?\nexport function isAligned32(bytes) {\n return bytes.byteOffset % 4 === 0;\n}\n// copy bytes to new u8a (aligned). Because Buffer.slice is broken.\nexport function copyBytes(bytes) {\n return Uint8Array.from(bytes);\n}\n","/**\n * This file is based on noble-ciphers (https://github.com/paulmillr/noble-ciphers).\n *\n * noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com)\n *\n * The original file is located at:\n * https://github.com/paulmillr/noble-ciphers/blob/749cdf9cd07ebdd19e9b957d0f172f1045179695/src/_arx.ts\n */\n/**\n * Basic utils for ARX (add-rotate-xor) salsa and chacha ciphers.\n\nRFC8439 requires multi-step cipher stream, where\nauthKey starts with counter: 0, actual msg with counter: 1.\n\nFor this, we need a way to re-use nonce / counter:\n\n const counter = new Uint8Array(4);\n chacha(..., counter, ...); // counter is now 1\n chacha(..., counter, ...); // counter is now 2\n\nThis is complicated:\n\n- 32-bit counters are enough, no need for 64-bit: max ArrayBuffer size in JS is 4GB\n- Original papers don't allow mutating counters\n- Counter overflow is undefined [^1]\n- Idea A: allow providing (nonce | counter) instead of just nonce, re-use it\n- Caveat: Cannot be re-used through all cases:\n- * chacha has (counter | nonce)\n- * xchacha has (nonce16 | counter | nonce16)\n- Idea B: separate nonce / counter and provide separate API for counter re-use\n- Caveat: there are different counter sizes depending on an algorithm.\n- salsa & chacha also differ in structures of key & sigma:\n salsa20: s[0] | k(4) | s[1] | nonce(2) | cnt(2) | s[2] | k(4) | s[3]\n chacha: s(4) | k(8) | cnt(1) | nonce(3)\n chacha20orig: s(4) | k(8) | cnt(2) | nonce(2)\n- Idea C: helper method such as `setSalsaState(key, nonce, sigma, data)`\n- Caveat: we can't re-use counter array\n\nxchacha [^2] uses the subkey and remaining 8 byte nonce with ChaCha20 as normal\n(prefixed by 4 NUL bytes, since [RFC8439] specifies a 12-byte nonce).\n\n[^1]: https://mailarchive.ietf.org/arch/msg/cfrg/gsOnTJzcbgG6OqD8Sc0GO5aR_tU/\n[^2]: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha#appendix-A.2\n\n * @module\n */\nimport { abool, abytes, anumber, checkOpts, clean, copyBytes, u32, } from \"./utils.js\";\n// Can't use similar utils.utf8ToBytes, because it uses `TextEncoder` - not available in all envs\nconst _utf8ToBytes = (str) => Uint8Array.from(str.split(\"\").map((c) => c.charCodeAt(0)));\nconst sigma16 = _utf8ToBytes(\"expand 16-byte k\");\nconst sigma32 = _utf8ToBytes(\"expand 32-byte k\");\nconst sigma16_32 = u32(sigma16);\nconst sigma32_32 = u32(sigma32);\n/** Rotate left. */\nexport function rotl(a, b) {\n return (a << b) | (a >>> (32 - b));\n}\n// Is byte array aligned to 4 byte offset (u32)?\nfunction isAligned32(b) {\n return b.byteOffset % 4 === 0;\n}\n// Salsa and Chacha block length is always 512-bit\nconst BLOCK_LEN = 64;\nconst BLOCK_LEN32 = 16;\n// new Uint32Array([2**32]) // => Uint32Array(1) [ 0 ]\n// new Uint32Array([2**32-1]) // => Uint32Array(1) [ 4294967295 ]\nconst MAX_COUNTER = 2 ** 32 - 1;\nconst U32_EMPTY = Uint32Array.of();\nfunction runCipher(core, sigma, key, nonce, data, output, counter, rounds) {\n const len = data.length;\n const block = new Uint8Array(BLOCK_LEN);\n const b32 = u32(block);\n // Make sure that buffers aligned to 4 bytes\n const isAligned = isAligned32(data) && isAligned32(output);\n const d32 = isAligned ? u32(data) : U32_EMPTY;\n const o32 = isAligned ? u32(output) : U32_EMPTY;\n for (let pos = 0; pos < len; counter++) {\n core(sigma, key, nonce, b32, counter, rounds);\n if (counter >= MAX_COUNTER)\n throw new Error(\"arx: counter overflow\");\n const take = Math.min(BLOCK_LEN, len - pos);\n // aligned to 4 bytes\n if (isAligned && take === BLOCK_LEN) {\n const pos32 = pos / 4;\n if (pos % 4 !== 0)\n throw new Error(\"arx: invalid block position\");\n for (let j = 0, posj; j < BLOCK_LEN32; j++) {\n posj = pos32 + j;\n o32[posj] = d32[posj] ^ b32[j];\n }\n pos += BLOCK_LEN;\n continue;\n }\n for (let j = 0, posj; j < take; j++) {\n posj = pos + j;\n output[posj] = data[posj] ^ block[j];\n }\n pos += take;\n }\n}\n/** Creates ARX-like (ChaCha, Salsa) cipher stream from core function. */\nexport function createCipher(core, opts) {\n const { allowShortKeys, extendNonceFn, counterLength, counterRight, rounds } = checkOpts({\n allowShortKeys: false,\n counterLength: 8,\n counterRight: false,\n rounds: 20,\n }, opts);\n if (typeof core !== \"function\")\n throw new Error(\"core must be a function\");\n anumber(counterLength);\n anumber(rounds);\n abool(counterRight);\n abool(allowShortKeys);\n return (key, nonce, data, output, counter = 0) => {\n abytes(key, undefined, \"key\");\n abytes(nonce, undefined, \"nonce\");\n abytes(data, undefined, \"data\");\n const len = data.length;\n if (output === undefined)\n output = new Uint8Array(len);\n abytes(output, undefined, \"output\");\n anumber(counter);\n if (counter < 0 || counter >= MAX_COUNTER) {\n throw new Error(\"arx: counter overflow\");\n }\n if (output.length < len) {\n throw new Error(`arx: output (${output.length}) is shorter than data (${len})`);\n }\n const toClean = [];\n // Key & sigma\n // key=16 -> sigma16, k=key|key\n // key=32 -> sigma32, k=key\n const l = key.length;\n let k;\n let sigma;\n if (l === 32) {\n toClean.push(k = copyBytes(key));\n sigma = sigma32_32;\n }\n else if (l === 16 && allowShortKeys) {\n k = new Uint8Array(32);\n k.set(key);\n k.set(key, 16);\n sigma = sigma16_32;\n toClean.push(k);\n }\n else {\n abytes(key, 32, \"arx key\");\n throw new Error(\"invalid key size\");\n // throw new Error(`\"arx key\" expected Uint8Array of length 32, got length=${l}`);\n }\n // Nonce\n // salsa20: 8 (8-byte counter)\n // chacha20orig: 8 (8-byte counter)\n // chacha20: 12 (4-byte counter)\n // xsalsa20: 24 (16 -> hsalsa, 8 -> old nonce)\n // xchacha20: 24 (16 -> hchacha, 8 -> old nonce)\n // Align nonce to 4 bytes\n if (!isAligned32(nonce))\n toClean.push(nonce = copyBytes(nonce));\n const k32 = u32(k);\n // hsalsa & hchacha: handle extended nonce\n if (extendNonceFn) {\n if (nonce.length !== 24) {\n throw new Error(`arx: extended nonce must be 24 bytes`);\n }\n extendNonceFn(sigma, k32, u32(nonce.subarray(0, 16)), k32);\n nonce = nonce.subarray(16);\n }\n // Handle nonce counter\n const nonceNcLen = 16 - counterLength;\n if (nonceNcLen !== nonce.length) {\n throw new Error(`arx: nonce must be ${nonceNcLen} or 16 bytes`);\n }\n // Pad counter when nonce is 64 bit\n if (nonceNcLen !== 12) {\n const nc = new Uint8Array(12);\n nc.set(nonce, counterRight ? 0 : 12 - nonce.length);\n nonce = nc;\n toClean.push(nonce);\n }\n const n32 = u32(nonce);\n runCipher(core, sigma, k32, n32, data, output, counter, rounds);\n clean(...toClean);\n return output;\n };\n}\n","/**\n * This file is based on noble-ciphers (https://github.com/paulmillr/noble-ciphers).\n *\n * noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com)\n *\n * The original file is located at:\n * https://github.com/paulmillr/noble-ciphers/blob/749cdf9cd07ebdd19e9b957d0f172f1045179695/src/_poly1305.ts\n */\n/**\n * Poly1305 ([PDF](https://cr.yp.to/mac/poly1305-20050329.pdf),\n * [wiki](https://en.wikipedia.org/wiki/Poly1305))\n * is a fast and parallel secret-key message-authentication code suitable for\n * a wide variety of applications. It was standardized in\n * [RFC 8439](https://www.rfc-editor.org/rfc/rfc8439) and is now used in TLS 1.3.\n *\n * Polynomial MACs are not perfect for every situation:\n * they lack Random Key Robustness: the MAC can be forged, and can't be used in PAKE schemes.\n * See [invisible salamanders attack](https://keymaterial.net/2020/09/07/invisible-salamanders-in-aes-gcm-siv/).\n * To combat invisible salamanders, `hash(key)` can be included in ciphertext,\n * however, this would violate ciphertext indistinguishability:\n * an attacker would know which key was used - so `HKDF(key, i)`\n * could be used instead.\n *\n * Check out [original website](https://cr.yp.to/mac.html).\n * Based on Public Domain [poly1305-donna](https://github.com/floodyberry/poly1305-donna).\n * @module\n */\n// prettier-ignore\nimport { abytes, aexists, aoutput, clean, copyBytes, } from \"./utils.js\";\nfunction u8to16(a, i) {\n return (a[i++] & 0xff) | ((a[i++] & 0xff) << 8);\n}\n// function bytesToNumberLE(bytes: Uint8Array): bigint {\n// return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse()));\n// }\n// /** Small version of `poly1305` without loop unrolling. Unused, provided for auditability. */\n// function poly1305_small(msg: Uint8Array, key: Uint8Array): Uint8Array {\n// abytes(msg);\n// abytes(key, 32, \"key\");\n// const POW_2_130_5 = BigInt(2) ** BigInt(130) - BigInt(5); // 2^130-5\n// const POW_2_128_1 = BigInt(2) ** BigInt(128) - BigInt(1); // 2^128-1\n// const CLAMP_R = BigInt(\"0x0ffffffc0ffffffc0ffffffc0fffffff\");\n// const r = bytesToNumberLE(key.subarray(0, 16)) & CLAMP_R;\n// const s = bytesToNumberLE(key.subarray(16));\n// // Process by 16 byte chunks\n// let acc = BigInt(0);\n// for (let i = 0; i < msg.length; i += 16) {\n// const m = msg.subarray(i, i + 16);\n// const n = bytesToNumberLE(m) | (BigInt(1) << BigInt(8 * m.length));\n// acc = ((acc + n) * r) % POW_2_130_5;\n// }\n// const res = (acc + s) & POW_2_128_1;\n// return numberToBytesBE(res, 16).reverse(); // LE\n// }\n// Can be used to replace `computeTag` in chacha.ts. Unused, provided for auditability.\n// function poly1305_computeTag_small(\n// authKey: Uint8Array,\n// lengths: Uint8Array,\n// ciphertext: Uint8Array,\n// AAD?: Uint8Array,\n// ): Uint8Array {\n// const res = [];\n// const updatePadded2 = (msg: Uint8Array) => {\n// res.push(msg);\n// const leftover = msg.length % 16;\n// if (leftover) res.push(new Uint8Array(16).slice(leftover));\n// };\n// if (AAD) updatePadded2(AAD);\n// updatePadded2(ciphertext);\n// res.push(lengths);\n// return poly1305_small(concatBytes(...res), authKey);\n// }\n/** Poly1305 class. Prefer poly1305() function instead. */\nexport class Poly1305 {\n // Can be speed-up using BigUint64Array, at the cost of complexity\n constructor(key) {\n Object.defineProperty(this, \"blockLen\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 16\n });\n Object.defineProperty(this, \"outputLen\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 16\n });\n Object.defineProperty(this, \"buffer\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: new Uint8Array(16)\n });\n Object.defineProperty(this, \"r\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: new Uint16Array(10)\n }); // Allocating 1 array with .subarray() here is slower than 3\n Object.defineProperty(this, \"h\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: new Uint16Array(10)\n });\n Object.defineProperty(this, \"pad\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: new Uint16Array(8)\n });\n Object.defineProperty(this, \"pos\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 0\n });\n Object.defineProperty(this, \"finished\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: false\n });\n key = copyBytes(abytes(key, 32, \"key\"));\n const t0 = u8to16(key, 0);\n const t1 = u8to16(key, 2);\n const t2 = u8to16(key, 4);\n const t3 = u8to16(key, 6);\n const t4 = u8to16(key, 8);\n const t5 = u8to16(key, 10);\n const t6 = u8to16(key, 12);\n const t7 = u8to16(key, 14);\n // https://github.com/floodyberry/poly1305-donna/blob/e6ad6e091d30d7f4ec2d4f978be1fcfcbce72781/poly1305-donna-16.h#L47\n this.r[0] = t0 & 0x1fff;\n this.r[1] = ((t0 >>> 13) | (t1 << 3)) & 0x1fff;\n this.r[2] = ((t1 >>> 10) | (t2 << 6)) & 0x1f03;\n this.r[3] = ((t2 >>> 7) | (t3 << 9)) & 0x1fff;\n this.r[4] = ((t3 >>> 4) | (t4 << 12)) & 0x00ff;\n this.r[5] = (t4 >>> 1) & 0x1ffe;\n this.r[6] = ((t4 >>> 14) | (t5 << 2)) & 0x1fff;\n this.r[7] = ((t5 >>> 11) | (t6 << 5)) & 0x1f81;\n this.r[8] = ((t6 >>> 8) | (t7 << 8)) & 0x1fff;\n this.r[9] = (t7 >>> 5) & 0x007f;\n for (let i = 0; i < 8; i++)\n this.pad[i] = u8to16(key, 16 + 2 * i);\n }\n process(data, offset, isLast = false) {\n const hibit = isLast ? 0 : 1 << 11;\n const { h, r } = this;\n const r0 = r[0];\n const r1 = r[1];\n const r2 = r[2];\n const r3 = r[3];\n const r4 = r[4];\n const r5 = r[5];\n const r6 = r[6];\n const r7 = r[7];\n const r8 = r[8];\n const r9 = r[9];\n const t0 = u8to16(data, offset + 0);\n const t1 = u8to16(data, offset + 2);\n const t2 = u8to16(data, offset + 4);\n const t3 = u8to16(data, offset + 6);\n const t4 = u8to16(data, offset + 8);\n const t5 = u8to16(data, offset + 10);\n const t6 = u8to16(data, offset + 12);\n const t7 = u8to16(data, offset + 14);\n const h0 = h[0] + (t0 & 0x1fff);\n const h1 = h[1] + (((t0 >>> 13) | (t1 << 3)) & 0x1fff);\n const h2 = h[2] + (((t1 >>> 10) | (t2 << 6)) & 0x1fff);\n const h3 = h[3] + (((t2 >>> 7) | (t3 << 9)) & 0x1fff);\n const h4 = h[4] + (((t3 >>> 4) | (t4 << 12)) & 0x1fff);\n const h5 = h[5] + ((t4 >>> 1) & 0x1fff);\n const h6 = h[6] + (((t4 >>> 14) | (t5 << 2)) & 0x1fff);\n const h7 = h[7] + (((t5 >>> 11) | (t6 << 5)) & 0x1fff);\n const h8 = h[8] + (((t6 >>> 8) | (t7 << 8)) & 0x1fff);\n const h9 = h[9] + ((t7 >>> 5) | hibit);\n let c = 0;\n let d0 = c + h0 * r0 + h1 * (5 * r9) + h2 * (5 * r8) + h3 * (5 * r7) +\n h4 * (5 * r6);\n c = d0 >>> 13;\n d0 &= 0x1fff;\n d0 += h5 * (5 * r5) + h6 * (5 * r4) + h7 * (5 * r3) + h8 * (5 * r2) +\n h9 * (5 * r1);\n c += d0 >>> 13;\n d0 &= 0x1fff;\n let d1 = c + h0 * r1 + h1 * r0 + h2 * (5 * r9) + h3 * (5 * r8) +\n h4 * (5 * r7);\n c = d1 >>> 13;\n d1 &= 0x1fff;\n d1 += h5 * (5 * r6) + h6 * (5 * r5) + h7 * (5 * r4) + h8 * (5 * r3) +\n h9 * (5 * r2);\n c += d1 >>> 13;\n d1 &= 0x1fff;\n let d2 = c + h0 * r2 + h1 * r1 + h2 * r0 + h3 * (5 * r9) + h4 * (5 * r8);\n c = d2 >>> 13;\n d2 &= 0x1fff;\n d2 += h5 * (5 * r7) + h6 * (5 * r6) + h7 * (5 * r5) + h8 * (5 * r4) +\n h9 * (5 * r3);\n c += d2 >>> 13;\n d2 &= 0x1fff;\n let d3 = c + h0 * r3 + h1 * r2 + h2 * r1 + h3 * r0 + h4 * (5 * r9);\n c = d3 >>> 13;\n d3 &= 0x1fff;\n d3 += h5 * (5 * r8) + h6 * (5 * r7) + h7 * (5 * r6) + h8 * (5 * r5) +\n h9 * (5 * r4);\n c += d3 >>> 13;\n d3 &= 0x1fff;\n let d4 = c + h0 * r4 + h1 * r3 + h2 * r2 + h3 * r1 + h4 * r0;\n c = d4 >>> 13;\n d4 &= 0x1fff;\n d4 += h5 * (5 * r9) + h6 * (5 * r8) + h7 * (5 * r7) + h8 * (5 * r6) +\n h9 * (5 * r5);\n c += d4 >>> 13;\n d4 &= 0x1fff;\n let d5 = c + h0 * r5 + h1 * r4 + h2 * r3 + h3 * r2 + h4 * r1;\n c = d5 >>> 13;\n d5 &= 0x1fff;\n d5 += h5 * r0 + h6 * (5 * r9) + h7 * (5 * r8) + h8 * (5 * r7) +\n h9 * (5 * r6);\n c += d5 >>> 13;\n d5 &= 0x1fff;\n let d6 = c + h0 * r6 + h1 * r5 + h2 * r4 + h3 * r3 + h4 * r2;\n c = d6 >>> 13;\n d6 &= 0x1fff;\n d6 += h5 * r1 + h6 * r0 + h7 * (5 * r9) + h8 * (5 * r8) + h9 * (5 * r7);\n c += d6 >>> 13;\n d6 &= 0x1fff;\n let d7 = c + h0 * r7 + h1 * r6 + h2 * r5 + h3 * r4 + h4 * r3;\n c = d7 >>> 13;\n d7 &= 0x1fff;\n d7 += h5 * r2 + h6 * r1 + h7 * r0 + h8 * (5 * r9) + h9 * (5 * r8);\n c += d7 >>> 13;\n d7 &= 0x1fff;\n let d8 = c + h0 * r8 + h1 * r7 + h2 * r6 + h3 * r5 + h4 * r4;\n c = d8 >>> 13;\n d8 &= 0x1fff;\n d8 += h5 * r3 + h6 * r2 + h7 * r1 + h8 * r0 + h9 * (5 * r9);\n c += d8 >>> 13;\n d8 &= 0x1fff;\n let d9 = c + h0 * r9 + h1 * r8 + h2 * r7 + h3 * r6 + h4 * r5;\n c = d9 >>> 13;\n d9 &= 0x1fff;\n d9 += h5 * r4 + h6 * r3 + h7 * r2 + h8 * r1 + h9 * r0;\n c += d9 >>> 13;\n d9 &= 0x1fff;\n c = ((c << 2) + c) | 0;\n c = (c + d0) | 0;\n d0 = c & 0x1fff;\n c = c >>> 13;\n d1 += c;\n h[0] = d0;\n h[1] = d1;\n h[2] = d2;\n h[3] = d3;\n h[4] = d4;\n h[5] = d5;\n h[6] = d6;\n h[7] = d7;\n h[8] = d8;\n h[9] = d9;\n }\n finalize() {\n const { h, pad } = this;\n const g = new Uint16Array(10);\n let c = h[1] >>> 13;\n h[1] &= 0x1fff;\n for (let i = 2; i < 10; i++) {\n h[i] += c;\n c = h[i] >>> 13;\n h[i] &= 0x1fff;\n }\n h[0] += c * 5;\n c = h[0] >>> 13;\n h[0] &= 0x1fff;\n h[1] += c;\n c = h[1] >>> 13;\n h[1] &= 0x1fff;\n h[2] += c;\n g[0] = h[0] + 5;\n c = g[0] >>> 13;\n g[0] &= 0x1fff;\n for (let i = 1; i < 10; i++) {\n g[i] = h[i] + c;\n c = g[i] >>> 13;\n g[i] &= 0x1fff;\n }\n g[9] -= 1 << 13;\n let mask = (c ^ 1) - 1;\n for (let i = 0; i < 10; i++)\n g[i] &= mask;\n mask = ~mask;\n for (let i = 0; i < 10; i++)\n h[i] = (h[i] & mask) | g[i];\n h[0] = (h[0] | (h[1] << 13)) & 0xffff;\n h[1] = ((h[1] >>> 3) | (h[2] << 10)) & 0xffff;\n h[2] = ((h[2] >>> 6) | (h[3] << 7)) & 0xffff;\n h[3] = ((h[3] >>> 9) | (h[4] << 4)) & 0xffff;\n h[4] = ((h[4] >>> 12) | (h[5] << 1) | (h[6] << 14)) & 0xffff;\n h[5] = ((h[6] >>> 2) | (h[7] << 11)) & 0xffff;\n h[6] = ((h[7] >>> 5) | (h[8] << 8)) & 0xffff;\n h[7] = ((h[8] >>> 8) | (h[9] << 5)) & 0xffff;\n let f = h[0] + pad[0];\n h[0] = f & 0xffff;\n for (let i = 1; i < 8; i++) {\n f = (((h[i] + pad[i]) | 0) + (f >>> 16)) | 0;\n h[i] = f & 0xffff;\n }\n clean(g);\n }\n update(data) {\n aexists(this);\n abytes(data);\n data = copyBytes(data);\n const { buffer, blockLen } = this;\n const len = data.length;\n for (let pos = 0; pos < len;) {\n const take = Math.min(blockLen - this.pos, len - pos);\n // Fast path: we have at least one block in input\n if (take === blockLen) {\n for (; blockLen <= len - pos; pos += blockLen)\n this.process(data, pos);\n continue;\n }\n buffer.set(data.subarray(pos, pos + take), this.pos);\n this.pos += take;\n pos += take;\n if (this.pos === blockLen) {\n this.process(buffer, 0, false);\n this.pos = 0;\n }\n }\n return this;\n }\n destroy() {\n clean(this.h, this.r, this.buffer, this.pad);\n }\n digestInto(out) {\n aexists(this);\n aoutput(out, this);\n this.finished = true;\n const { buffer, h } = this;\n let { pos } = this;\n if (pos) {\n buffer[pos++] = 1;\n for (; pos < 16; pos++)\n buffer[pos] = 0;\n this.process(buffer, 0, true);\n }\n this.finalize();\n let opos = 0;\n for (let i = 0; i < 8; i++) {\n out[opos++] = h[i] >>> 0;\n out[opos++] = h[i] >>> 8;\n }\n return out;\n }\n digest() {\n const { buffer, outputLen } = this;\n this.digestInto(buffer);\n const res = buffer.slice(0, outputLen);\n this.destroy();\n return res;\n }\n}\nexport function wrapConstructorWithKey(hashCons) {\n const hashC = (msg, key) => hashCons(key).update(msg).digest();\n const tmp = hashCons(new Uint8Array(32)); // tmp array, used just once below\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = (key) => hashCons(key);\n return hashC;\n}\n/** Poly1305 MAC from RFC 8439. */\nexport const poly1305 = \n/** @__PURE__ */ (() => wrapConstructorWithKey((key) => new Poly1305(key)))();\n","/**\n * This file is based on noble-ciphers (https://github.com/paulmillr/noble-ciphers).\n *\n * noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com)\n *\n * The original file is located at:\n * https://github.com/paulmillr/noble-ciphers/blob/749cdf9cd07ebdd19e9b957d0f172f1045179695/src/chacha.ts\n */\n/**\n * ChaCha stream cipher, released\n * in 2008. Developed after Salsa20, ChaCha aims to increase diffusion per round.\n * It was standardized in [RFC 8439](https://www.rfc-editor.org/rfc/rfc8439) and\n * is now used in TLS 1.3.\n *\n * [XChaCha20](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha)\n * extended-nonce variant is also provided. Similar to XSalsa, it's safe to use with\n * randomly-generated nonces.\n *\n * Check out [PDF](http://cr.yp.to/chacha/chacha-20080128.pdf) and\n * [wiki](https://en.wikipedia.org/wiki/Salsa20) and\n * [website](https://cr.yp.to/chacha.html).\n *\n * @module\n */\nimport { createCipher, rotl } from \"./_arx.js\";\nimport { poly1305 } from \"./_poly1305.js\";\nimport { abytes, clean, equalBytes, getOutput, u64Lengths, wrapCipher, } from \"./utils.js\";\n/**\n * ChaCha core function. It is implemented twice:\n * 1. Simple loop (chachaCore_small, hchacha_small)\n * 2. Unrolled loop (chachaCore, hchacha) - 4x faster, but larger & harder to read\n * The specific implementation is selected in `createCipher` below.\n */\nfunction chachaCore(s, k, n, out, cnt, rounds = 20) {\n const y00 = s[0], y01 = s[1], y02 = s[2], y03 = s[3], // \"expa\" \"nd 3\" \"2-by\" \"te k\"\n y04 = k[0], y05 = k[1], y06 = k[2], y07 = k[3], // Key Key Key Key\n y08 = k[4], y09 = k[5], y10 = k[6], y11 = k[7], // Key Key Key Key\n y12 = cnt, y13 = n[0], y14 = n[1], y15 = n[2]; // Counter Counter\tNonce Nonce\n // Save state to temporary variables\n let x00 = y00, x01 = y01, x02 = y02, x03 = y03, x04 = y04, x05 = y05, x06 = y06, x07 = y07, x08 = y08, x09 = y09, x10 = y10, x11 = y11, x12 = y12, x13 = y13, x14 = y14, x15 = y15;\n for (let r = 0; r < rounds; r += 2) {\n x00 = (x00 + x04) | 0;\n x12 = rotl(x12 ^ x00, 16);\n x08 = (x08 + x12) | 0;\n x04 = rotl(x04 ^ x08, 12);\n x00 = (x00 + x04) | 0;\n x12 = rotl(x12 ^ x00, 8);\n x08 = (x08 + x12) | 0;\n x04 = rotl(x04 ^ x08, 7);\n x01 = (x01 + x05) | 0;\n x13 = rotl(x13 ^ x01, 16);\n x09 = (x09 + x13) | 0;\n x05 = rotl(x05 ^ x09, 12);\n x01 = (x01 + x05) | 0;\n x13 = rotl(x13 ^ x01, 8);\n x09 = (x09 + x13) | 0;\n x05 = rotl(x05 ^ x09, 7);\n x02 = (x02 + x06) | 0;\n x14 = rotl(x14 ^ x02, 16);\n x10 = (x10 + x14) | 0;\n x06 = rotl(x06 ^ x10, 12);\n x02 = (x02 + x06) | 0;\n x14 = rotl(x14 ^ x02, 8);\n x10 = (x10 + x14) | 0;\n x06 = rotl(x06 ^ x10, 7);\n x03 = (x03 + x07) | 0;\n x15 = rotl(x15 ^ x03, 16);\n x11 = (x11 + x15) | 0;\n x07 = rotl(x07 ^ x11, 12);\n x03 = (x03 + x07) | 0;\n x15 = rotl(x15 ^ x03, 8);\n x11 = (x11 + x15) | 0;\n x07 = rotl(x07 ^ x11, 7);\n x00 = (x00 + x05) | 0;\n x15 = rotl(x15 ^ x00, 16);\n x10 = (x10 + x15) | 0;\n x05 = rotl(x05 ^ x10, 12);\n x00 = (x00 + x05) | 0;\n x15 = rotl(x15 ^ x00, 8);\n x10 = (x10 + x15) | 0;\n x05 = rotl(x05 ^ x10, 7);\n x01 = (x01 + x06) | 0;\n x12 = rotl(x12 ^ x01, 16);\n x11 = (x11 + x12) | 0;\n x06 = rotl(x06 ^ x11, 12);\n x01 = (x01 + x06) | 0;\n x12 = rotl(x12 ^ x01, 8);\n x11 = (x11 + x12) | 0;\n x06 = rotl(x06 ^ x11, 7);\n x02 = (x02 + x07) | 0;\n x13 = rotl(x13 ^ x02, 16);\n x08 = (x08 + x13) | 0;\n x07 = rotl(x07 ^ x08, 12);\n x02 = (x02 + x07) | 0;\n x13 = rotl(x13 ^ x02, 8);\n x08 = (x08 + x13) | 0;\n x07 = rotl(x07 ^ x08, 7);\n x03 = (x03 + x04) | 0;\n x14 = rotl(x14 ^ x03, 16);\n x09 = (x09 + x14) | 0;\n x04 = rotl(x04 ^ x09, 12);\n x03 = (x03 + x04) | 0;\n x14 = rotl(x14 ^ x03, 8);\n x09 = (x09 + x14) | 0;\n x04 = rotl(x04 ^ x09, 7);\n }\n // Write output\n let oi = 0;\n out[oi++] = (y00 + x00) | 0;\n out[oi++] = (y01 + x01) | 0;\n out[oi++] = (y02 + x02) | 0;\n out[oi++] = (y03 + x03) | 0;\n out[oi++] = (y04 + x04) | 0;\n out[oi++] = (y05 + x05) | 0;\n out[oi++] = (y06 + x06) | 0;\n out[oi++] = (y07 + x07) | 0;\n out[oi++] = (y08 + x08) | 0;\n out[oi++] = (y09 + x09) | 0;\n out[oi++] = (y10 + x10) | 0;\n out[oi++] = (y11 + x11) | 0;\n out[oi++] = (y12 + x12) | 0;\n out[oi++] = (y13 + x13) | 0;\n out[oi++] = (y14 + x14) | 0;\n out[oi++] = (y15 + x15) | 0;\n}\n/**\n * ChaCha stream cipher. Conforms to RFC 8439 (IETF, TLS). 12-byte nonce, 4-byte counter.\n * With smaller nonce, it's not safe to make it random (CSPRNG), due to collision chance.\n */\nexport const chacha20 = /* @__PURE__ */ createCipher(chachaCore, {\n counterRight: false,\n counterLength: 4,\n allowShortKeys: false,\n});\nconst ZEROS16 = /* @__PURE__ */ new Uint8Array(16);\n// Pad to digest size with zeros\nconst updatePadded = (h, msg) => {\n h.update(msg);\n const leftover = msg.length % 16;\n if (leftover)\n h.update(ZEROS16.subarray(leftover));\n};\nconst ZEROS32 = /* @__PURE__ */ new Uint8Array(32);\nfunction computeTag(fn, key, nonce, ciphertext, AAD) {\n if (AAD !== undefined)\n abytes(AAD, undefined, \"AAD\");\n const authKey = fn(key, nonce, ZEROS32);\n const lengths = u64Lengths(ciphertext.length, AAD ? AAD.length : 0, true);\n // Methods below can be replaced with\n // return poly1305_computeTag_small(authKey, lengths, ciphertext, AAD)\n const h = poly1305.create(authKey);\n if (AAD)\n updatePadded(h, AAD);\n updatePadded(h, ciphertext);\n h.update(lengths);\n const res = h.digest();\n clean(authKey, lengths);\n return res;\n}\n/**\n * AEAD algorithm from RFC 8439.\n * Salsa20 and chacha (RFC 8439) use poly1305 differently.\n * We could have composed them, but it's hard because of authKey:\n * In salsa20, authKey changes position in salsa stream.\n * In chacha, authKey can't be computed inside computeTag, it modifies the counter.\n */\nexport const _poly1305_aead = (xorStream) => (key, nonce, AAD) => {\n const tagLength = 16;\n return {\n encrypt(plaintext, output) {\n const plength = plaintext.length;\n output = getOutput(plength + tagLength, output, false);\n output.set(plaintext);\n const oPlain = output.subarray(0, -tagLength);\n // Actual encryption\n xorStream(key, nonce, oPlain, oPlain, 1);\n const tag = computeTag(xorStream, key, nonce, oPlain, AAD);\n output.set(tag, plength); // append tag\n clean(tag);\n return output;\n },\n decrypt(ciphertext, output) {\n output = getOutput(ciphertext.length - tagLength, output, false);\n const data = ciphertext.subarray(0, -tagLength);\n const passedTag = ciphertext.subarray(-tagLength);\n const tag = computeTag(xorStream, key, nonce, data, AAD);\n if (!equalBytes(passedTag, tag))\n throw new Error(\"invalid tag\");\n output.set(ciphertext.subarray(0, -tagLength));\n // Actual decryption\n xorStream(key, nonce, output, output, 1); // start stream with i=1\n clean(tag);\n return output;\n },\n };\n};\n/**\n * ChaCha20-Poly1305 from RFC 8439.\n *\n * Unsafe to use random nonces under the same key, due to collision chance.\n * Prefer XChaCha instead.\n */\nexport const chacha20poly1305 = /* @__PURE__ */ wrapCipher({ blockSize: 64, nonceLength: 12, tagLength: 16 }, _poly1305_aead(chacha20));\n","import { chacha20poly1305 } from \"./chacha/chacha.js\";\nimport { AeadId } from \"@hpke/common\";\nexport class Chacha20Poly1305Context {\n constructor(key) {\n Object.defineProperty(this, \"_key\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: void 0\n });\n this._key = new Uint8Array(key);\n }\n async seal(iv, data, aad) {\n return await this._seal(iv, data, aad);\n }\n async open(iv, data, aad) {\n return await this._open(iv, data, aad);\n }\n _seal(iv, data, aad) {\n return new Promise((resolve) => {\n const ret = chacha20poly1305(this._key, new Uint8Array(iv), new Uint8Array(aad)).encrypt(new Uint8Array(data));\n resolve(ret.buffer);\n });\n }\n _open(iv, data, aad) {\n return new Promise((resolve) => {\n const ret = chacha20poly1305(this._key, new Uint8Array(iv), new Uint8Array(aad)).decrypt(new Uint8Array(data));\n resolve(ret.buffer);\n });\n }\n}\n/**\n * The ChaCha20Poly1305 for HPKE AEAD implementing {@link AeadInterface}.\n *\n * When using `@hpke/core`, the instance of this class can be specified\n * to the `aead` parameter of {@link CipherSuiteParams} instead of `AeadId.Chacha20Poly1305`\n * as follows:\n *\n * @example\n *\n * ```ts\n * import {\n * CipherSuite,\n * DhkemP256HkdfSha256,\n * HkdfSha256,\n * } from \"@hpke/core\";\n * import {\n * Chacha20Poly1305,\n * } from \"@hpke/chacha20poly1305\";\n *\n * const suite = new CipherSuite({\n * kem: new DhkemP256HkdfSha256(),\n * kdf: new HkdfSha256(),\n * aead: new Chacha20Poly1305(),\n * });\n * ```\n *\n * This class is implemented using\n * {@link https://github.com/paulmillr/noble-ciphers | @noble/ciphers}.\n */\nexport class Chacha20Poly1305 {\n constructor() {\n /** AeadId.Chacha20Poly1305 (0x0003) */\n Object.defineProperty(this, \"id\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: AeadId.Chacha20Poly1305\n });\n /** 32 */\n Object.defineProperty(this, \"keySize\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 32\n });\n /** 12 */\n Object.defineProperty(this, \"nonceSize\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 12\n });\n /** 16 */\n Object.defineProperty(this, \"tagSize\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 16\n });\n }\n createEncryptionContext(key) {\n return new Chacha20Poly1305Context(key);\n }\n}\n","export { Chacha20Poly1305 } from \"./src/chacha20Poly1305.js\";\n"],"names":[],"sourceRoot":""}