@biuauth/wallet-connect-v2-adapter
Version:
wallet connect v2 adapter for web3auth
1,661 lines (1,642 loc) • 520 kB
JavaScript
/******/ (() => { // webpackBootstrap
/******/ var __webpack_modules__ = ({
/***/ 392:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
"use strict";
// Copyright (C) 2016 Dmitry Chestnykh
// MIT License. See LICENSE file for details.
Object.defineProperty(exports, "__esModule", ({ value: true }));
/**
* Package binary provides functions for encoding and decoding numbers in byte arrays.
*/
var int_1 = __webpack_require__(9109);
// TODO(dchest): add asserts for correct value ranges and array offsets.
/**
* Reads 2 bytes from array starting at offset as big-endian
* signed 16-bit integer and returns it.
*/
function readInt16BE(array, offset) {
if (offset === void 0) { offset = 0; }
return (((array[offset + 0] << 8) | array[offset + 1]) << 16) >> 16;
}
exports.readInt16BE = readInt16BE;
/**
* Reads 2 bytes from array starting at offset as big-endian
* unsigned 16-bit integer and returns it.
*/
function readUint16BE(array, offset) {
if (offset === void 0) { offset = 0; }
return ((array[offset + 0] << 8) | array[offset + 1]) >>> 0;
}
exports.readUint16BE = readUint16BE;
/**
* Reads 2 bytes from array starting at offset as little-endian
* signed 16-bit integer and returns it.
*/
function readInt16LE(array, offset) {
if (offset === void 0) { offset = 0; }
return (((array[offset + 1] << 8) | array[offset]) << 16) >> 16;
}
exports.readInt16LE = readInt16LE;
/**
* Reads 2 bytes from array starting at offset as little-endian
* unsigned 16-bit integer and returns it.
*/
function readUint16LE(array, offset) {
if (offset === void 0) { offset = 0; }
return ((array[offset + 1] << 8) | array[offset]) >>> 0;
}
exports.readUint16LE = readUint16LE;
/**
* Writes 2-byte big-endian representation of 16-bit unsigned
* value to byte array starting at offset.
*
* If byte array is not given, creates a new 2-byte one.
*
* Returns the output byte array.
*/
function writeUint16BE(value, out, offset) {
if (out === void 0) { out = new Uint8Array(2); }
if (offset === void 0) { offset = 0; }
out[offset + 0] = value >>> 8;
out[offset + 1] = value >>> 0;
return out;
}
exports.writeUint16BE = writeUint16BE;
exports.writeInt16BE = writeUint16BE;
/**
* Writes 2-byte little-endian representation of 16-bit unsigned
* value to array starting at offset.
*
* If byte array is not given, creates a new 2-byte one.
*
* Returns the output byte array.
*/
function writeUint16LE(value, out, offset) {
if (out === void 0) { out = new Uint8Array(2); }
if (offset === void 0) { offset = 0; }
out[offset + 0] = value >>> 0;
out[offset + 1] = value >>> 8;
return out;
}
exports.writeUint16LE = writeUint16LE;
exports.writeInt16LE = writeUint16LE;
/**
* Reads 4 bytes from array starting at offset as big-endian
* signed 32-bit integer and returns it.
*/
function readInt32BE(array, offset) {
if (offset === void 0) { offset = 0; }
return (array[offset] << 24) |
(array[offset + 1] << 16) |
(array[offset + 2] << 8) |
array[offset + 3];
}
exports.readInt32BE = readInt32BE;
/**
* Reads 4 bytes from array starting at offset as big-endian
* unsigned 32-bit integer and returns it.
*/
function readUint32BE(array, offset) {
if (offset === void 0) { offset = 0; }
return ((array[offset] << 24) |
(array[offset + 1] << 16) |
(array[offset + 2] << 8) |
array[offset + 3]) >>> 0;
}
exports.readUint32BE = readUint32BE;
/**
* Reads 4 bytes from array starting at offset as little-endian
* signed 32-bit integer and returns it.
*/
function readInt32LE(array, offset) {
if (offset === void 0) { offset = 0; }
return (array[offset + 3] << 24) |
(array[offset + 2] << 16) |
(array[offset + 1] << 8) |
array[offset];
}
exports.readInt32LE = readInt32LE;
/**
* Reads 4 bytes from array starting at offset as little-endian
* unsigned 32-bit integer and returns it.
*/
function readUint32LE(array, offset) {
if (offset === void 0) { offset = 0; }
return ((array[offset + 3] << 24) |
(array[offset + 2] << 16) |
(array[offset + 1] << 8) |
array[offset]) >>> 0;
}
exports.readUint32LE = readUint32LE;
/**
* Writes 4-byte big-endian representation of 32-bit unsigned
* value to byte array starting at offset.
*
* If byte array is not given, creates a new 4-byte one.
*
* Returns the output byte array.
*/
function writeUint32BE(value, out, offset) {
if (out === void 0) { out = new Uint8Array(4); }
if (offset === void 0) { offset = 0; }
out[offset + 0] = value >>> 24;
out[offset + 1] = value >>> 16;
out[offset + 2] = value >>> 8;
out[offset + 3] = value >>> 0;
return out;
}
exports.writeUint32BE = writeUint32BE;
exports.writeInt32BE = writeUint32BE;
/**
* Writes 4-byte little-endian representation of 32-bit unsigned
* value to array starting at offset.
*
* If byte array is not given, creates a new 4-byte one.
*
* Returns the output byte array.
*/
function writeUint32LE(value, out, offset) {
if (out === void 0) { out = new Uint8Array(4); }
if (offset === void 0) { offset = 0; }
out[offset + 0] = value >>> 0;
out[offset + 1] = value >>> 8;
out[offset + 2] = value >>> 16;
out[offset + 3] = value >>> 24;
return out;
}
exports.writeUint32LE = writeUint32LE;
exports.writeInt32LE = writeUint32LE;
/**
* Reads 8 bytes from array starting at offset as big-endian
* signed 64-bit integer and returns it.
*
* IMPORTANT: due to JavaScript limitation, supports exact
* numbers in range -9007199254740991 to 9007199254740991.
* If the number stored in the byte array is outside this range,
* the result is not exact.
*/
function readInt64BE(array, offset) {
if (offset === void 0) { offset = 0; }
var hi = readInt32BE(array, offset);
var lo = readInt32BE(array, offset + 4);
return hi * 0x100000000 + lo - ((lo >> 31) * 0x100000000);
}
exports.readInt64BE = readInt64BE;
/**
* Reads 8 bytes from array starting at offset as big-endian
* unsigned 64-bit integer and returns it.
*
* IMPORTANT: due to JavaScript limitation, supports values up to 2^53-1.
*/
function readUint64BE(array, offset) {
if (offset === void 0) { offset = 0; }
var hi = readUint32BE(array, offset);
var lo = readUint32BE(array, offset + 4);
return hi * 0x100000000 + lo;
}
exports.readUint64BE = readUint64BE;
/**
* Reads 8 bytes from array starting at offset as little-endian
* signed 64-bit integer and returns it.
*
* IMPORTANT: due to JavaScript limitation, supports exact
* numbers in range -9007199254740991 to 9007199254740991.
* If the number stored in the byte array is outside this range,
* the result is not exact.
*/
function readInt64LE(array, offset) {
if (offset === void 0) { offset = 0; }
var lo = readInt32LE(array, offset);
var hi = readInt32LE(array, offset + 4);
return hi * 0x100000000 + lo - ((lo >> 31) * 0x100000000);
}
exports.readInt64LE = readInt64LE;
/**
* Reads 8 bytes from array starting at offset as little-endian
* unsigned 64-bit integer and returns it.
*
* IMPORTANT: due to JavaScript limitation, supports values up to 2^53-1.
*/
function readUint64LE(array, offset) {
if (offset === void 0) { offset = 0; }
var lo = readUint32LE(array, offset);
var hi = readUint32LE(array, offset + 4);
return hi * 0x100000000 + lo;
}
exports.readUint64LE = readUint64LE;
/**
* Writes 8-byte big-endian representation of 64-bit unsigned
* value to byte array starting at offset.
*
* Due to JavaScript limitation, supports values up to 2^53-1.
*
* If byte array is not given, creates a new 8-byte one.
*
* Returns the output byte array.
*/
function writeUint64BE(value, out, offset) {
if (out === void 0) { out = new Uint8Array(8); }
if (offset === void 0) { offset = 0; }
writeUint32BE(value / 0x100000000 >>> 0, out, offset);
writeUint32BE(value >>> 0, out, offset + 4);
return out;
}
exports.writeUint64BE = writeUint64BE;
exports.writeInt64BE = writeUint64BE;
/**
* Writes 8-byte little-endian representation of 64-bit unsigned
* value to byte array starting at offset.
*
* Due to JavaScript limitation, supports values up to 2^53-1.
*
* If byte array is not given, creates a new 8-byte one.
*
* Returns the output byte array.
*/
function writeUint64LE(value, out, offset) {
if (out === void 0) { out = new Uint8Array(8); }
if (offset === void 0) { offset = 0; }
writeUint32LE(value >>> 0, out, offset);
writeUint32LE(value / 0x100000000 >>> 0, out, offset + 4);
return out;
}
exports.writeUint64LE = writeUint64LE;
exports.writeInt64LE = writeUint64LE;
/**
* Reads bytes from array starting at offset as big-endian
* unsigned bitLen-bit integer and returns it.
*
* Supports bit lengths divisible by 8, up to 48.
*/
function readUintBE(bitLength, array, offset) {
if (offset === void 0) { offset = 0; }
// TODO(dchest): implement support for bitLengths non-divisible by 8
if (bitLength % 8 !== 0) {
throw new Error("readUintBE supports only bitLengths divisible by 8");
}
if (bitLength / 8 > array.length - offset) {
throw new Error("readUintBE: array is too short for the given bitLength");
}
var result = 0;
var mul = 1;
for (var i = bitLength / 8 + offset - 1; i >= offset; i--) {
result += array[i] * mul;
mul *= 256;
}
return result;
}
exports.readUintBE = readUintBE;
/**
* Reads bytes from array starting at offset as little-endian
* unsigned bitLen-bit integer and returns it.
*
* Supports bit lengths divisible by 8, up to 48.
*/
function readUintLE(bitLength, array, offset) {
if (offset === void 0) { offset = 0; }
// TODO(dchest): implement support for bitLengths non-divisible by 8
if (bitLength % 8 !== 0) {
throw new Error("readUintLE supports only bitLengths divisible by 8");
}
if (bitLength / 8 > array.length - offset) {
throw new Error("readUintLE: array is too short for the given bitLength");
}
var result = 0;
var mul = 1;
for (var i = offset; i < offset + bitLength / 8; i++) {
result += array[i] * mul;
mul *= 256;
}
return result;
}
exports.readUintLE = readUintLE;
/**
* Writes a big-endian representation of bitLen-bit unsigned
* value to array starting at offset.
*
* Supports bit lengths divisible by 8, up to 48.
*
* If byte array is not given, creates a new one.
*
* Returns the output byte array.
*/
function writeUintBE(bitLength, value, out, offset) {
if (out === void 0) { out = new Uint8Array(bitLength / 8); }
if (offset === void 0) { offset = 0; }
// TODO(dchest): implement support for bitLengths non-divisible by 8
if (bitLength % 8 !== 0) {
throw new Error("writeUintBE supports only bitLengths divisible by 8");
}
if (!int_1.isSafeInteger(value)) {
throw new Error("writeUintBE value must be an integer");
}
var div = 1;
for (var i = bitLength / 8 + offset - 1; i >= offset; i--) {
out[i] = (value / div) & 0xff;
div *= 256;
}
return out;
}
exports.writeUintBE = writeUintBE;
/**
* Writes a little-endian representation of bitLen-bit unsigned
* value to array starting at offset.
*
* Supports bit lengths divisible by 8, up to 48.
*
* If byte array is not given, creates a new one.
*
* Returns the output byte array.
*/
function writeUintLE(bitLength, value, out, offset) {
if (out === void 0) { out = new Uint8Array(bitLength / 8); }
if (offset === void 0) { offset = 0; }
// TODO(dchest): implement support for bitLengths non-divisible by 8
if (bitLength % 8 !== 0) {
throw new Error("writeUintLE supports only bitLengths divisible by 8");
}
if (!int_1.isSafeInteger(value)) {
throw new Error("writeUintLE value must be an integer");
}
var div = 1;
for (var i = offset; i < offset + bitLength / 8; i++) {
out[i] = (value / div) & 0xff;
div *= 256;
}
return out;
}
exports.writeUintLE = writeUintLE;
/**
* Reads 4 bytes from array starting at offset as big-endian
* 32-bit floating-point number and returns it.
*/
function readFloat32BE(array, offset) {
if (offset === void 0) { offset = 0; }
var view = new DataView(array.buffer, array.byteOffset, array.byteLength);
return view.getFloat32(offset);
}
exports.readFloat32BE = readFloat32BE;
/**
* Reads 4 bytes from array starting at offset as little-endian
* 32-bit floating-point number and returns it.
*/
function readFloat32LE(array, offset) {
if (offset === void 0) { offset = 0; }
var view = new DataView(array.buffer, array.byteOffset, array.byteLength);
return view.getFloat32(offset, true);
}
exports.readFloat32LE = readFloat32LE;
/**
* Reads 8 bytes from array starting at offset as big-endian
* 64-bit floating-point number ("double") and returns it.
*/
function readFloat64BE(array, offset) {
if (offset === void 0) { offset = 0; }
var view = new DataView(array.buffer, array.byteOffset, array.byteLength);
return view.getFloat64(offset);
}
exports.readFloat64BE = readFloat64BE;
/**
* Reads 8 bytes from array starting at offset as little-endian
* 64-bit floating-point number ("double") and returns it.
*/
function readFloat64LE(array, offset) {
if (offset === void 0) { offset = 0; }
var view = new DataView(array.buffer, array.byteOffset, array.byteLength);
return view.getFloat64(offset, true);
}
exports.readFloat64LE = readFloat64LE;
/**
* Writes 4-byte big-endian floating-point representation of value
* to byte array starting at offset.
*
* If byte array is not given, creates a new 4-byte one.
*
* Returns the output byte array.
*/
function writeFloat32BE(value, out, offset) {
if (out === void 0) { out = new Uint8Array(4); }
if (offset === void 0) { offset = 0; }
var view = new DataView(out.buffer, out.byteOffset, out.byteLength);
view.setFloat32(offset, value);
return out;
}
exports.writeFloat32BE = writeFloat32BE;
/**
* Writes 4-byte little-endian floating-point representation of value
* to byte array starting at offset.
*
* If byte array is not given, creates a new 4-byte one.
*
* Returns the output byte array.
*/
function writeFloat32LE(value, out, offset) {
if (out === void 0) { out = new Uint8Array(4); }
if (offset === void 0) { offset = 0; }
var view = new DataView(out.buffer, out.byteOffset, out.byteLength);
view.setFloat32(offset, value, true);
return out;
}
exports.writeFloat32LE = writeFloat32LE;
/**
* Writes 8-byte big-endian floating-point representation of value
* to byte array starting at offset.
*
* If byte array is not given, creates a new 8-byte one.
*
* Returns the output byte array.
*/
function writeFloat64BE(value, out, offset) {
if (out === void 0) { out = new Uint8Array(8); }
if (offset === void 0) { offset = 0; }
var view = new DataView(out.buffer, out.byteOffset, out.byteLength);
view.setFloat64(offset, value);
return out;
}
exports.writeFloat64BE = writeFloat64BE;
/**
* Writes 8-byte little-endian floating-point representation of value
* to byte array starting at offset.
*
* If byte array is not given, creates a new 8-byte one.
*
* Returns the output byte array.
*/
function writeFloat64LE(value, out, offset) {
if (out === void 0) { out = new Uint8Array(8); }
if (offset === void 0) { offset = 0; }
var view = new DataView(out.buffer, out.byteOffset, out.byteLength);
view.setFloat64(offset, value, true);
return out;
}
exports.writeFloat64LE = writeFloat64LE;
//# sourceMappingURL=binary.js.map
/***/ }),
/***/ 4589:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
"use strict";
// Copyright (C) 2016 Dmitry Chestnykh
// MIT License. See LICENSE file for details.
Object.defineProperty(exports, "__esModule", ({ value: true }));
/**
* Package chacha implements ChaCha stream cipher.
*/
var binary_1 = __webpack_require__(392);
var wipe_1 = __webpack_require__(820);
// Number of ChaCha rounds (ChaCha20).
var ROUNDS = 20;
// Applies the ChaCha core function to 16-byte input,
// 32-byte key key, and puts the result into 64-byte array out.
function core(out, input, key) {
var j0 = 0x61707865; // "expa" -- ChaCha's "sigma" constant
var j1 = 0x3320646E; // "nd 3" for 32-byte keys
var j2 = 0x79622D32; // "2-by"
var j3 = 0x6B206574; // "te k"
var j4 = (key[3] << 24) | (key[2] << 16) | (key[1] << 8) | key[0];
var j5 = (key[7] << 24) | (key[6] << 16) | (key[5] << 8) | key[4];
var j6 = (key[11] << 24) | (key[10] << 16) | (key[9] << 8) | key[8];
var j7 = (key[15] << 24) | (key[14] << 16) | (key[13] << 8) | key[12];
var j8 = (key[19] << 24) | (key[18] << 16) | (key[17] << 8) | key[16];
var j9 = (key[23] << 24) | (key[22] << 16) | (key[21] << 8) | key[20];
var j10 = (key[27] << 24) | (key[26] << 16) | (key[25] << 8) | key[24];
var j11 = (key[31] << 24) | (key[30] << 16) | (key[29] << 8) | key[28];
var j12 = (input[3] << 24) | (input[2] << 16) | (input[1] << 8) | input[0];
var j13 = (input[7] << 24) | (input[6] << 16) | (input[5] << 8) | input[4];
var j14 = (input[11] << 24) | (input[10] << 16) | (input[9] << 8) | input[8];
var j15 = (input[15] << 24) | (input[14] << 16) | (input[13] << 8) | input[12];
var x0 = j0;
var x1 = j1;
var x2 = j2;
var x3 = j3;
var x4 = j4;
var x5 = j5;
var x6 = j6;
var x7 = j7;
var x8 = j8;
var x9 = j9;
var x10 = j10;
var x11 = j11;
var x12 = j12;
var x13 = j13;
var x14 = j14;
var x15 = j15;
for (var i = 0; i < ROUNDS; i += 2) {
x0 = x0 + x4 | 0;
x12 ^= x0;
x12 = x12 >>> (32 - 16) | x12 << 16;
x8 = x8 + x12 | 0;
x4 ^= x8;
x4 = x4 >>> (32 - 12) | x4 << 12;
x1 = x1 + x5 | 0;
x13 ^= x1;
x13 = x13 >>> (32 - 16) | x13 << 16;
x9 = x9 + x13 | 0;
x5 ^= x9;
x5 = x5 >>> (32 - 12) | x5 << 12;
x2 = x2 + x6 | 0;
x14 ^= x2;
x14 = x14 >>> (32 - 16) | x14 << 16;
x10 = x10 + x14 | 0;
x6 ^= x10;
x6 = x6 >>> (32 - 12) | x6 << 12;
x3 = x3 + x7 | 0;
x15 ^= x3;
x15 = x15 >>> (32 - 16) | x15 << 16;
x11 = x11 + x15 | 0;
x7 ^= x11;
x7 = x7 >>> (32 - 12) | x7 << 12;
x2 = x2 + x6 | 0;
x14 ^= x2;
x14 = x14 >>> (32 - 8) | x14 << 8;
x10 = x10 + x14 | 0;
x6 ^= x10;
x6 = x6 >>> (32 - 7) | x6 << 7;
x3 = x3 + x7 | 0;
x15 ^= x3;
x15 = x15 >>> (32 - 8) | x15 << 8;
x11 = x11 + x15 | 0;
x7 ^= x11;
x7 = x7 >>> (32 - 7) | x7 << 7;
x1 = x1 + x5 | 0;
x13 ^= x1;
x13 = x13 >>> (32 - 8) | x13 << 8;
x9 = x9 + x13 | 0;
x5 ^= x9;
x5 = x5 >>> (32 - 7) | x5 << 7;
x0 = x0 + x4 | 0;
x12 ^= x0;
x12 = x12 >>> (32 - 8) | x12 << 8;
x8 = x8 + x12 | 0;
x4 ^= x8;
x4 = x4 >>> (32 - 7) | x4 << 7;
x0 = x0 + x5 | 0;
x15 ^= x0;
x15 = x15 >>> (32 - 16) | x15 << 16;
x10 = x10 + x15 | 0;
x5 ^= x10;
x5 = x5 >>> (32 - 12) | x5 << 12;
x1 = x1 + x6 | 0;
x12 ^= x1;
x12 = x12 >>> (32 - 16) | x12 << 16;
x11 = x11 + x12 | 0;
x6 ^= x11;
x6 = x6 >>> (32 - 12) | x6 << 12;
x2 = x2 + x7 | 0;
x13 ^= x2;
x13 = x13 >>> (32 - 16) | x13 << 16;
x8 = x8 + x13 | 0;
x7 ^= x8;
x7 = x7 >>> (32 - 12) | x7 << 12;
x3 = x3 + x4 | 0;
x14 ^= x3;
x14 = x14 >>> (32 - 16) | x14 << 16;
x9 = x9 + x14 | 0;
x4 ^= x9;
x4 = x4 >>> (32 - 12) | x4 << 12;
x2 = x2 + x7 | 0;
x13 ^= x2;
x13 = x13 >>> (32 - 8) | x13 << 8;
x8 = x8 + x13 | 0;
x7 ^= x8;
x7 = x7 >>> (32 - 7) | x7 << 7;
x3 = x3 + x4 | 0;
x14 ^= x3;
x14 = x14 >>> (32 - 8) | x14 << 8;
x9 = x9 + x14 | 0;
x4 ^= x9;
x4 = x4 >>> (32 - 7) | x4 << 7;
x1 = x1 + x6 | 0;
x12 ^= x1;
x12 = x12 >>> (32 - 8) | x12 << 8;
x11 = x11 + x12 | 0;
x6 ^= x11;
x6 = x6 >>> (32 - 7) | x6 << 7;
x0 = x0 + x5 | 0;
x15 ^= x0;
x15 = x15 >>> (32 - 8) | x15 << 8;
x10 = x10 + x15 | 0;
x5 ^= x10;
x5 = x5 >>> (32 - 7) | x5 << 7;
}
binary_1.writeUint32LE(x0 + j0 | 0, out, 0);
binary_1.writeUint32LE(x1 + j1 | 0, out, 4);
binary_1.writeUint32LE(x2 + j2 | 0, out, 8);
binary_1.writeUint32LE(x3 + j3 | 0, out, 12);
binary_1.writeUint32LE(x4 + j4 | 0, out, 16);
binary_1.writeUint32LE(x5 + j5 | 0, out, 20);
binary_1.writeUint32LE(x6 + j6 | 0, out, 24);
binary_1.writeUint32LE(x7 + j7 | 0, out, 28);
binary_1.writeUint32LE(x8 + j8 | 0, out, 32);
binary_1.writeUint32LE(x9 + j9 | 0, out, 36);
binary_1.writeUint32LE(x10 + j10 | 0, out, 40);
binary_1.writeUint32LE(x11 + j11 | 0, out, 44);
binary_1.writeUint32LE(x12 + j12 | 0, out, 48);
binary_1.writeUint32LE(x13 + j13 | 0, out, 52);
binary_1.writeUint32LE(x14 + j14 | 0, out, 56);
binary_1.writeUint32LE(x15 + j15 | 0, out, 60);
}
/**
* Encrypt src with ChaCha20 stream generated for the given 32-byte key and
* 8-byte (as in original implementation) or 12-byte (as in RFC7539) nonce and
* write the result into dst and return it.
*
* dst and src may be the same, but otherwise must not overlap.
*
* If nonce is 12 bytes, users should not encrypt more than 256 GiB with the
* same key and nonce, otherwise the stream will repeat. The function will
* throw error if counter overflows to prevent this.
*
* If nonce is 8 bytes, the output is practically unlimited (2^70 bytes, which
* is more than a million petabytes). However, it is not recommended to
* generate 8-byte nonces randomly, as the chance of collision is high.
*
* Never use the same key and nonce to encrypt more than one message.
*
* If nonceInplaceCounterLength is not 0, the nonce is assumed to be a 16-byte
* array with stream counter in first nonceInplaceCounterLength bytes and nonce
* in the last remaining bytes. The counter will be incremented inplace for
* each ChaCha block. This is useful if you need to encrypt one stream of data
* in chunks.
*/
function streamXOR(key, nonce, src, dst, nonceInplaceCounterLength) {
if (nonceInplaceCounterLength === void 0) { nonceInplaceCounterLength = 0; }
// We only support 256-bit keys.
if (key.length !== 32) {
throw new Error("ChaCha: key size must be 32 bytes");
}
if (dst.length < src.length) {
throw new Error("ChaCha: destination is shorter than source");
}
var nc;
var counterLength;
if (nonceInplaceCounterLength === 0) {
if (nonce.length !== 8 && nonce.length !== 12) {
throw new Error("ChaCha nonce must be 8 or 12 bytes");
}
nc = new Uint8Array(16);
// First counterLength bytes of nc are counter, starting with zero.
counterLength = nc.length - nonce.length;
// Last bytes of nc after counterLength are nonce, set them.
nc.set(nonce, counterLength);
}
else {
if (nonce.length !== 16) {
throw new Error("ChaCha nonce with counter must be 16 bytes");
}
// This will update passed nonce with counter inplace.
nc = nonce;
counterLength = nonceInplaceCounterLength;
}
// Allocate temporary space for ChaCha block.
var block = new Uint8Array(64);
for (var i = 0; i < src.length; i += 64) {
// Generate a block.
core(block, nc, key);
// XOR block bytes with src into dst.
for (var j = i; j < i + 64 && j < src.length; j++) {
dst[j] = src[j] ^ block[j - i];
}
// Increment counter.
incrementCounter(nc, 0, counterLength);
}
// Cleanup temporary space.
wipe_1.wipe(block);
if (nonceInplaceCounterLength === 0) {
// Cleanup counter.
wipe_1.wipe(nc);
}
return dst;
}
exports.streamXOR = streamXOR;
/**
* Generate ChaCha20 stream for the given 32-byte key and 8-byte or 12-byte
* nonce and write it into dst and return it.
*
* Never use the same key and nonce to generate more than one stream.
*
* If nonceInplaceCounterLength is not 0, it behaves the same with respect to
* the nonce as described in the streamXOR documentation.
*
* stream is like streamXOR with all-zero src.
*/
function stream(key, nonce, dst, nonceInplaceCounterLength) {
if (nonceInplaceCounterLength === void 0) { nonceInplaceCounterLength = 0; }
wipe_1.wipe(dst);
return streamXOR(key, nonce, dst, dst, nonceInplaceCounterLength);
}
exports.stream = stream;
function incrementCounter(counter, pos, len) {
var carry = 1;
while (len--) {
carry = carry + (counter[pos] & 0xff) | 0;
counter[pos] = carry & 0xff;
carry >>>= 8;
pos++;
}
if (carry > 0) {
throw new Error("ChaCha: counter overflow");
}
}
//# sourceMappingURL=chacha.js.map
/***/ }),
/***/ 9424:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
"use strict";
var __webpack_unused_export__;
// Copyright (C) 2016 Dmitry Chestnykh
// MIT License. See LICENSE file for details.
__webpack_unused_export__ = ({ value: true });
var chacha_1 = __webpack_require__(4589);
var poly1305_1 = __webpack_require__(4125);
var wipe_1 = __webpack_require__(820);
var binary_1 = __webpack_require__(392);
var constant_time_1 = __webpack_require__(9722);
exports.Cv = 32;
exports.WH = 12;
exports.pg = 16;
var ZEROS = new Uint8Array(16);
/**
* ChaCha20-Poly1305 Authenticated Encryption with Associated Data.
*
* Defined in RFC7539.
*/
var ChaCha20Poly1305 = /** @class */ (function () {
/**
* Creates a new instance with the given 32-byte key.
*/
function ChaCha20Poly1305(key) {
this.nonceLength = exports.WH;
this.tagLength = exports.pg;
if (key.length !== exports.Cv) {
throw new Error("ChaCha20Poly1305 needs 32-byte key");
}
// Copy key.
this._key = new Uint8Array(key);
}
/**
* Encrypts and authenticates plaintext, authenticates associated data,
* and returns sealed ciphertext, which includes authentication tag.
*
* RFC7539 specifies 12 bytes for nonce. It may be this 12-byte nonce
* ("IV"), or full 16-byte counter (called "32-bit fixed-common part")
* and nonce.
*
* If dst is given (it must be the size of plaintext + the size of tag
* length) the result will be put into it. Dst and plaintext must not
* overlap.
*/
ChaCha20Poly1305.prototype.seal = function (nonce, plaintext, associatedData, dst) {
if (nonce.length > 16) {
throw new Error("ChaCha20Poly1305: incorrect nonce length");
}
// Allocate space for counter, and set nonce as last bytes of it.
var counter = new Uint8Array(16);
counter.set(nonce, counter.length - nonce.length);
// Generate authentication key by taking first 32-bytes of stream.
// We pass full counter, which has 12-byte nonce and 4-byte block counter,
// and it will get incremented after generating the block, which is
// exactly what we need: we only use the first 32 bytes of 64-byte
// ChaCha block and discard the next 32 bytes.
var authKey = new Uint8Array(32);
chacha_1.stream(this._key, counter, authKey, 4);
// Allocate space for sealed ciphertext.
var resultLength = plaintext.length + this.tagLength;
var result;
if (dst) {
if (dst.length !== resultLength) {
throw new Error("ChaCha20Poly1305: incorrect destination length");
}
result = dst;
}
else {
result = new Uint8Array(resultLength);
}
// Encrypt plaintext.
chacha_1.streamXOR(this._key, counter, plaintext, result, 4);
// Authenticate.
// XXX: can "simplify" here: pass full result (which is already padded
// due to zeroes prepared for tag), and ciphertext length instead of
// subarray of result.
this._authenticate(result.subarray(result.length - this.tagLength, result.length), authKey, result.subarray(0, result.length - this.tagLength), associatedData);
// Cleanup.
wipe_1.wipe(counter);
return result;
};
/**
* Authenticates sealed ciphertext (which includes authentication tag) and
* associated data, decrypts ciphertext and returns decrypted plaintext.
*
* RFC7539 specifies 12 bytes for nonce. It may be this 12-byte nonce
* ("IV"), or full 16-byte counter (called "32-bit fixed-common part")
* and nonce.
*
* If authentication fails, it returns null.
*
* If dst is given (it must be of ciphertext length minus tag length),
* the result will be put into it. Dst and plaintext must not overlap.
*/
ChaCha20Poly1305.prototype.open = function (nonce, sealed, associatedData, dst) {
if (nonce.length > 16) {
throw new Error("ChaCha20Poly1305: incorrect nonce length");
}
// Sealed ciphertext should at least contain tag.
if (sealed.length < this.tagLength) {
// TODO(dchest): should we throw here instead?
return null;
}
// Allocate space for counter, and set nonce as last bytes of it.
var counter = new Uint8Array(16);
counter.set(nonce, counter.length - nonce.length);
// Generate authentication key by taking first 32-bytes of stream.
var authKey = new Uint8Array(32);
chacha_1.stream(this._key, counter, authKey, 4);
// Authenticate.
// XXX: can simplify and avoid allocation: since authenticate()
// already allocates tag (from Poly1305.digest(), it can return)
// it instead of copying to calculatedTag. But then in seal()
// we'll need to copy it.
var calculatedTag = new Uint8Array(this.tagLength);
this._authenticate(calculatedTag, authKey, sealed.subarray(0, sealed.length - this.tagLength), associatedData);
// Constant-time compare tags and return null if they differ.
if (!constant_time_1.equal(calculatedTag, sealed.subarray(sealed.length - this.tagLength, sealed.length))) {
return null;
}
// Allocate space for decrypted plaintext.
var resultLength = sealed.length - this.tagLength;
var result;
if (dst) {
if (dst.length !== resultLength) {
throw new Error("ChaCha20Poly1305: incorrect destination length");
}
result = dst;
}
else {
result = new Uint8Array(resultLength);
}
// Decrypt.
chacha_1.streamXOR(this._key, counter, sealed.subarray(0, sealed.length - this.tagLength), result, 4);
// Cleanup.
wipe_1.wipe(counter);
return result;
};
ChaCha20Poly1305.prototype.clean = function () {
wipe_1.wipe(this._key);
return this;
};
ChaCha20Poly1305.prototype._authenticate = function (tagOut, authKey, ciphertext, associatedData) {
// Initialize Poly1305 with authKey.
var h = new poly1305_1.Poly1305(authKey);
// Authenticate padded associated data.
if (associatedData) {
h.update(associatedData);
if (associatedData.length % 16 > 0) {
h.update(ZEROS.subarray(associatedData.length % 16));
}
}
// Authenticate padded ciphertext.
h.update(ciphertext);
if (ciphertext.length % 16 > 0) {
h.update(ZEROS.subarray(ciphertext.length % 16));
}
// Authenticate length of associated data.
// XXX: can avoid allocation here?
var length = new Uint8Array(8);
if (associatedData) {
binary_1.writeUint64LE(associatedData.length, length);
}
h.update(length);
// Authenticate length of ciphertext.
binary_1.writeUint64LE(ciphertext.length, length);
h.update(length);
// Get tag and copy it into tagOut.
var tag = h.digest();
for (var i = 0; i < tag.length; i++) {
tagOut[i] = tag[i];
}
// Cleanup.
h.clean();
wipe_1.wipe(tag);
wipe_1.wipe(length);
};
return ChaCha20Poly1305;
}());
exports.OK = ChaCha20Poly1305;
//# sourceMappingURL=chacha20poly1305.js.map
/***/ }),
/***/ 9722:
/***/ ((__unused_webpack_module, exports) => {
"use strict";
// Copyright (C) 2016 Dmitry Chestnykh
// MIT License. See LICENSE file for details.
Object.defineProperty(exports, "__esModule", ({ value: true }));
/**
* Package constant-time provides functions for performing algorithmically constant-time operations.
*/
/**
* NOTE! Due to the inability to guarantee real constant time evaluation of
* anything in JavaScript VM, this is module is the best effort.
*/
/**
* Returns resultIfOne if subject is 1, or resultIfZero if subject is 0.
*
* Supports only 32-bit integers, so resultIfOne or resultIfZero are not
* integers, they'll be converted to them with bitwise operations.
*/
function select(subject, resultIfOne, resultIfZero) {
return (~(subject - 1) & resultIfOne) | ((subject - 1) & resultIfZero);
}
exports.select = select;
/**
* Returns 1 if a <= b, or 0 if not.
* Arguments must be positive 32-bit integers less than or equal to 2^31 - 1.
*/
function lessOrEqual(a, b) {
return (((a | 0) - (b | 0) - 1) >>> 31) & 1;
}
exports.lessOrEqual = lessOrEqual;
/**
* Returns 1 if a and b are of equal length and their contents
* are equal, or 0 otherwise.
*
* Note that unlike in equal(), zero-length inputs are considered
* the same, so this function will return 1.
*/
function compare(a, b) {
if (a.length !== b.length) {
return 0;
}
var result = 0;
for (var i = 0; i < a.length; i++) {
result |= a[i] ^ b[i];
}
return (1 & ((result - 1) >>> 8));
}
exports.compare = compare;
/**
* Returns true if a and b are of equal non-zero length,
* and their contents are equal, or false otherwise.
*
* Note that unlike in compare() zero-length inputs are considered
* _not_ equal, so this function will return false.
*/
function equal(a, b) {
if (a.length === 0 || b.length === 0) {
return false;
}
return compare(a, b) !== 0;
}
exports.equal = equal;
//# sourceMappingURL=constant-time.js.map
/***/ }),
/***/ 2113:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
"use strict";
var __webpack_unused_export__;
// Copyright (C) 2016 Dmitry Chestnykh
// MIT License. See LICENSE file for details.
__webpack_unused_export__ = ({ value: true });
__webpack_unused_export__ = __webpack_unused_export__ = __webpack_unused_export__ = exports.Xx = __webpack_unused_export__ = __webpack_unused_export__ = exports._w = exports.aP = exports.KS = __webpack_unused_export__ = exports.jQ = void 0;
/**
* Package ed25519 implements Ed25519 public-key signature algorithm.
*/
const random_1 = __webpack_require__(7379);
const sha512_1 = __webpack_require__(3342);
const wipe_1 = __webpack_require__(820);
exports.jQ = 64;
__webpack_unused_export__ = 32;
exports.KS = 64;
exports.aP = 32;
// Returns new zero-filled 16-element GF (Float64Array).
// If passed an array of numbers, prefills the returned
// array with them.
//
// We use Float64Array, because we need 48-bit numbers
// for this implementation.
function gf(init) {
const r = new Float64Array(16);
if (init) {
for (let i = 0; i < init.length; i++) {
r[i] = init[i];
}
}
return r;
}
// Base point.
const _9 = new Uint8Array(32);
_9[0] = 9;
const gf0 = gf();
const gf1 = gf([1]);
const D = gf([
0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070,
0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203
]);
const D2 = gf([
0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0,
0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406
]);
const X = gf([
0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c,
0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169
]);
const Y = gf([
0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666,
0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666
]);
const I = gf([
0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43,
0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83
]);
function set25519(r, a) {
for (let i = 0; i < 16; i++) {
r[i] = a[i] | 0;
}
}
function car25519(o) {
let c = 1;
for (let i = 0; i < 16; i++) {
let v = o[i] + c + 65535;
c = Math.floor(v / 65536);
o[i] = v - c * 65536;
}
o[0] += c - 1 + 37 * (c - 1);
}
function sel25519(p, q, b) {
const c = ~(b - 1);
for (let i = 0; i < 16; i++) {
const t = c & (p[i] ^ q[i]);
p[i] ^= t;
q[i] ^= t;
}
}
function pack25519(o, n) {
const m = gf();
const t = gf();
for (let i = 0; i < 16; i++) {
t[i] = n[i];
}
car25519(t);
car25519(t);
car25519(t);
for (let j = 0; j < 2; j++) {
m[0] = t[0] - 0xffed;
for (let i = 1; i < 15; i++) {
m[i] = t[i] - 0xffff - ((m[i - 1] >> 16) & 1);
m[i - 1] &= 0xffff;
}
m[15] = t[15] - 0x7fff - ((m[14] >> 16) & 1);
const b = (m[15] >> 16) & 1;
m[14] &= 0xffff;
sel25519(t, m, 1 - b);
}
for (let i = 0; i < 16; i++) {
o[2 * i] = t[i] & 0xff;
o[2 * i + 1] = t[i] >> 8;
}
}
function verify32(x, y) {
let d = 0;
for (let i = 0; i < 32; i++) {
d |= x[i] ^ y[i];
}
return (1 & ((d - 1) >>> 8)) - 1;
}
function neq25519(a, b) {
const c = new Uint8Array(32);
const d = new Uint8Array(32);
pack25519(c, a);
pack25519(d, b);
return verify32(c, d);
}
function par25519(a) {
const d = new Uint8Array(32);
pack25519(d, a);
return d[0] & 1;
}
function unpack25519(o, n) {
for (let i = 0; i < 16; i++) {
o[i] = n[2 * i] + (n[2 * i + 1] << 8);
}
o[15] &= 0x7fff;
}
function add(o, a, b) {
for (let i = 0; i < 16; i++) {
o[i] = a[i] + b[i];
}
}
function sub(o, a, b) {
for (let i = 0; i < 16; i++) {
o[i] = a[i] - b[i];
}
}
function mul(o, a, b) {
let v, c, t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0, t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0, t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0, b0 = b[0], b1 = b[1], b2 = b[2], b3 = b[3], b4 = b[4], b5 = b[5], b6 = b[6], b7 = b[7], b8 = b[8], b9 = b[9], b10 = b[10], b11 = b[11], b12 = b[12], b13 = b[13], b14 = b[14], b15 = b[15];
v = a[0];
t0 += v * b0;
t1 += v * b1;
t2 += v * b2;
t3 += v * b3;
t4 += v * b4;
t5 += v * b5;
t6 += v * b6;
t7 += v * b7;
t8 += v * b8;
t9 += v * b9;
t10 += v * b10;
t11 += v * b11;
t12 += v * b12;
t13 += v * b13;
t14 += v * b14;
t15 += v * b15;
v = a[1];
t1 += v * b0;
t2 += v * b1;
t3 += v * b2;
t4 += v * b3;
t5 += v * b4;
t6 += v * b5;
t7 += v * b6;
t8 += v * b7;
t9 += v * b8;
t10 += v * b9;
t11 += v * b10;
t12 += v * b11;
t13 += v * b12;
t14 += v * b13;
t15 += v * b14;
t16 += v * b15;
v = a[2];
t2 += v * b0;
t3 += v * b1;
t4 += v * b2;
t5 += v * b3;
t6 += v * b4;
t7 += v * b5;
t8 += v * b6;
t9 += v * b7;
t10 += v * b8;
t11 += v * b9;
t12 += v * b10;
t13 += v * b11;
t14 += v * b12;
t15 += v * b13;
t16 += v * b14;
t17 += v * b15;
v = a[3];
t3 += v * b0;
t4 += v * b1;
t5 += v * b2;
t6 += v * b3;
t7 += v * b4;
t8 += v * b5;
t9 += v * b6;
t10 += v * b7;
t11 += v * b8;
t12 += v * b9;
t13 += v * b10;
t14 += v * b11;
t15 += v * b12;
t16 += v * b13;
t17 += v * b14;
t18 += v * b15;
v = a[4];
t4 += v * b0;
t5 += v * b1;
t6 += v * b2;
t7 += v * b3;
t8 += v * b4;
t9 += v * b5;
t10 += v * b6;
t11 += v * b7;
t12 += v * b8;
t13 += v * b9;
t14 += v * b10;
t15 += v * b11;
t16 += v * b12;
t17 += v * b13;
t18 += v * b14;
t19 += v * b15;
v = a[5];
t5 += v * b0;
t6 += v * b1;
t7 += v * b2;
t8 += v * b3;
t9 += v * b4;
t10 += v * b5;
t11 += v * b6;
t12 += v * b7;
t13 += v * b8;
t14 += v * b9;
t15 += v * b10;
t16 += v * b11;
t17 += v * b12;
t18 += v * b13;
t19 += v * b14;
t20 += v * b15;
v = a[6];
t6 += v * b0;
t7 += v * b1;
t8 += v * b2;
t9 += v * b3;
t10 += v * b4;
t11 += v * b5;
t12 += v * b6;
t13 += v * b7;
t14 += v * b8;
t15 += v * b9;
t16 += v * b10;
t17 += v * b11;
t18 += v * b12;
t19 += v * b13;
t20 += v * b14;
t21 += v * b15;
v = a[7];
t7 += v * b0;
t8 += v * b1;
t9 += v * b2;
t10 += v * b3;
t11 += v * b4;
t12 += v * b5;
t13 += v * b6;
t14 += v * b7;
t15 += v * b8;
t16 += v * b9;
t17 += v * b10;
t18 += v * b11;
t19 += v * b12;
t20 += v * b13;
t21 += v * b14;
t22 += v * b15;
v = a[8];
t8 += v * b0;
t9 += v * b1;
t10 += v * b2;
t11 += v * b3;
t12 += v * b4;
t13 += v * b5;
t14 += v * b6;
t15 += v * b7;
t16 += v * b8;
t17 += v * b9;
t18 += v * b10;
t19 += v * b11;
t20 += v * b12;
t21 += v * b13;
t22 += v * b14;
t23 += v * b15;
v = a[9];
t9 += v * b0;
t10 += v * b1;
t11 += v * b2;
t12 += v * b3;
t13 += v * b4;
t14 += v * b5;
t15 += v * b6;
t16 += v * b7;
t17 += v * b8;
t18 += v * b9;
t19 += v * b10;
t20 += v * b11;
t21 += v * b12;
t22 += v * b13;
t23 += v * b14;
t24 += v * b15;
v = a[10];
t10 += v * b0;
t11 += v * b1;
t12 += v * b2;
t13 += v * b3;
t14 += v * b4;
t15 += v * b5;
t16 += v * b6;
t17 += v * b7;
t18 += v * b8;
t19 += v * b9;
t20 += v * b10;
t21 += v * b11;
t22 += v * b12;
t23 += v * b13;
t24 += v * b14;
t25 += v * b15;
v = a[11];
t11 += v * b0;
t12 += v * b1;
t13 += v * b2;
t14 += v * b3;
t15 += v * b4;
t16 += v * b5;
t17 += v * b6;
t18 += v * b7;
t19 += v * b8;
t20 += v * b9;
t21 += v * b10;
t22 += v * b11;
t23 += v * b12;
t24 += v * b13;
t25 += v * b14;
t26 += v * b15;
v = a[12];
t12 += v * b0;
t13 += v * b1;
t14 += v * b2;
t15 += v * b3;
t16 += v * b4;
t17 += v * b5;
t18 += v * b6;
t19 += v * b7;
t20 += v * b8;
t21 += v * b9;
t22 += v * b10;
t23 += v * b11;
t24 += v * b12;
t25 += v * b13;
t26 += v * b14;
t27 += v * b15;
v = a[13];
t13 += v * b0;
t14 += v * b1;
t15 += v * b2;
t16 += v * b3;
t17 += v * b4;
t18 += v * b5;
t19 += v * b6;
t20 += v * b7;
t21 += v * b8;
t22 += v * b9;
t23 += v * b10;
t24 += v * b11;
t25 += v * b12;
t26 += v * b13;
t27 += v * b14;
t28 += v * b15;
v = a[14];
t14 += v * b0;
t15 += v * b1;
t16 += v * b2;
t17 += v * b3;
t18 += v * b4;
t19 += v * b5;
t20 += v * b6;
t21 += v * b7;
t22 += v * b8;
t23 += v * b9;
t24 += v * b10;
t25 += v * b11;
t26 += v * b12;
t27 += v * b13;
t28 += v * b14;
t29 += v * b15;
v = a[15];
t15 += v * b0;
t16 += v * b1;
t17 += v * b2;
t18 += v * b3;
t19 += v * b4;
t20 += v * b5;
t21 += v * b6;
t22 += v * b7;
t23 += v * b8;
t24 += v * b9;
t25 += v * b10;
t26 += v * b11;
t27 += v * b12;
t28 += v * b13;
t29 += v * b14;
t30 += v * b15;
t0 += 38 * t16;
t1 += 38 * t17;
t2 += 38 * t18;
t3 += 38 * t19;
t4 += 38 * t20;
t5 += 38 * t21;
t6 += 38 * t22;
t7 += 38 * t23;
t8 += 38 * t24;
t9 += 38 * t25;
t10 += 38 * t26;
t11 += 38 * t27;
t12 += 38 * t28;
t13 += 38 * t29;
t14 += 38 * t30;
// t15 left as is
// first car
c = 1;
v = t0 + c + 65535;
c = Math.floor(v / 65536);
t0 = v - c * 65536;
v = t1 + c + 65535;
c = Math.floor(v / 65536);
t1 = v - c * 65536;
v = t2 + c + 65535;
c = Math.floor(v / 65536);
t2 = v - c * 65536;
v = t3 + c + 65535;
c = Math.floor(v / 65536);
t3 = v - c * 65536;
v = t4 + c + 65535;
c = Math.floor(v / 65536);
t4 = v - c * 65536;
v = t5 + c + 65535;
c = Math.floor(v / 65536);
t5 = v - c * 65536;
v = t6 + c + 65535;
c = Math.floor(v / 65536);
t6 = v - c * 65536;
v = t7 + c + 65535;
c = Math.floor(v / 65536);
t7 = v - c * 65536;
v = t8 + c + 65535;
c = Math.floor(v / 65536);
t8 = v - c * 65536;
v = t9 + c + 65535;
c = Math.floor(v / 65536);
t9 = v - c * 65536;
v = t10 + c + 65535;
c = Math.floor(v / 65536);
t10 = v - c * 65536;
v = t11 + c + 65535;
c = Math.floor(v / 65536);
t11 = v - c * 65536;
v = t12 + c + 65535;
c = Math.floor(v / 65536);
t12 = v - c * 65536;
v = t13 + c + 65535;
c = Math.floor(v / 65536);
t13 = v - c * 65536;
v = t14 + c + 65535;
c = Math.floor(v / 65536);
t14 = v - c * 65536;
v = t15 + c + 65535;
c = Math.floor(v / 65536);
t15 = v - c * 65536;
t0 += c - 1 + 37 * (c - 1);
// second car
c = 1;
v = t0 + c + 65535;
c = Math.floor(v / 65536);
t0 = v - c * 65536;
v = t1 + c + 65535;
c = Math.floor(v / 65536);
t1 = v - c * 65536;
v = t2 + c + 65535;
c = Math.floor(v / 65536);
t2 = v - c * 65536;
v = t3 + c + 65535;
c = Math.floor(v / 65536);
t3 = v - c * 65536;
v = t4 + c + 65535;
c = Math.floor(v / 65536);
t4 = v - c * 65536;
v = t5 + c + 65535;
c = Math.floor(v / 65536);
t5 = v - c * 65536;
v = t6 + c + 65535;
c = Math.floor(v / 65536);
t6 = v - c * 65536;
v = t7 + c + 65535;
c = Math.floor(v / 65536);
t7 = v - c * 65536;
v = t8 + c + 65535;
c = Math.floor(v / 65536);
t8 = v - c * 65536;
v = t9 + c + 65535;
c = Math.floor(v / 65536);
t9 = v - c * 65536;
v = t10 + c + 65535;
c = Math.floor(v / 65536);
t10 = v - c * 65536;
v = t11 + c + 65535;
c = Math.floor(v / 65536);
t11 = v - c * 65536;
v = t12 + c + 65535;
c = Math.floor(v / 65536);
t12 = v - c * 65536;
v = t13 + c + 65535;
c = Math.floor(v / 65536);
t13 = v - c * 65536;
v = t14 + c + 65535;
c = Math.floor(v / 65536);
t14 = v - c * 65536;
v = t15 + c + 65535;
c = Math.floor(v / 65536);
t15 = v - c * 65536;
t0 += c - 1 + 37 * (c - 1);
o[0] = t0;
o[1] = t1;
o[2] = t2;
o[3] = t3;
o[4] = t4;
o[5] = t5;
o[6] = t6;
o[7] = t7;
o[8] = t8;
o[9] = t9;
o[10] = t10;
o[11] = t11;
o[12] = t12;
o[13] = t13;
o[14] = t14;
o[15] = t15;
}
function square(o, a) {
mul(o, a, a);
}
function inv25519(o, i) {
const c = gf();
let a;
for (a = 0; a < 16; a++) {
c[a] = i[a];
}
for (a = 253; a >= 0; a--) {
square(c, c);
if (a !== 2 && a !== 4) {
mul(c, c, i);
}
}
for (a = 0; a < 16; a++) {
o[a] = c[a];
}
}
function pow2523(o, i) {
const c = gf();
let a;
for (a = 0; a < 16; a++) {
c[a] = i[a];
}
for (a = 250; a >= 0; a--) {
square(c, c);
if (a !== 1) {
mul(c, c, i);
}
}
for (a = 0; a < 16; a++) {
o[a] = c[a];
}
}
function edadd(p, q) {
const a = gf(), b = gf(), c = gf(), d = gf(), e = gf(), f = gf(), g = gf(), h = gf(), t = gf();
sub(a, p[1], p[0]);
sub(t, q[1], q[0]);
mul(a, a, t);
add(b, p[0], p[1]);
add(t, q[0], q[1]);
mul(b, b, t);
mul(c, p[3], q[3]);
mul(c, c, D2);
mul(d, p[2], q[2]);
add(d, d, d);
sub(e, b, a);
sub(f, d, c);
add(g, d, c);
add(h, b, a);
mul(p[0], e, f);
mul(p[1], h, g);
mul(p[2], g, f);
mul(p[3], e, h);
}
function cswap(p, q, b) {
for (let i = 0; i < 4; i++) {
sel25519(p[i], q[i], b);
}
}
function pack(r, p) {
const tx = gf(), ty = gf(), zi = gf();
inv25519(zi, p[2]);
mul(tx, p[0], zi);
mul(ty, p[1], zi);
pack25519(r, ty);
r[31] ^= par25519(tx) << 7;
}
function scalarmult(p, q, s) {
set25519(p[0], gf0);
set25519(p[1], gf1);
set25519(p[2], gf1);
set25519(p[3], gf0);
for (let i = 255; i >= 0; --i) {
const b = (s[(i / 8) | 0] >> (i & 7)) & 1;
cswap(p, q, b);
edadd(q, p);
edadd(p, p);
cswap(p, q, b);
}
}
function scalarbase(p, s) {
const q = [gf(), gf(), gf(), gf()];
set25519(q[0], X);
set25519(q[1], Y);
set25519(q[2], gf1);
mul(q[3], X, Y);
scalarmult(p, q, s);
}
// Generates key pair from secret 32-byte seed.
function generateKeyPairFromSeed(seed) {
if (seed.length !== exports.aP) {
throw new Error(`ed25519: seed must be ${exports.aP} bytes`);
}
const d = (0, sha512_1.hash)(seed);
d[0] &= 248;
d[31] &= 127;
d[31] |= 64;
const publicKey = new Uint8Array(32);
const p = [gf(), gf(), gf(), gf()];
scalarb