{"ast":null,"code":"import _asyncToGenerator from \"/home/mleku/src/orly.dev/next/signer/node_modules/@babel/runtime/helpers/esm/asyncToGenerator.js\";\nimport assert from './_assert.js';\nimport { sha256 } from './sha256.js';\nimport { pbkdf2 } from './pbkdf2.js';\nimport { asyncLoop, checkOpts, u32 } from './utils.js';\n// RFC 7914 Scrypt KDF\n// Left rotate for uint32\nconst rotl = (a, b) => a << b | a >>> 32 - b;\n// The main Scrypt loop: uses Salsa extensively.\n// Six versions of the function were tried, this is the fastest one.\n// prettier-ignore\nfunction XorAndSalsa(prev, pi, input, ii, out, oi) {\n  // Based on https://cr.yp.to/salsa20.html\n  // Xor blocks\n  let y00 = prev[pi++] ^ input[ii++],\n    y01 = prev[pi++] ^ input[ii++];\n  let y02 = prev[pi++] ^ input[ii++],\n    y03 = prev[pi++] ^ input[ii++];\n  let y04 = prev[pi++] ^ input[ii++],\n    y05 = prev[pi++] ^ input[ii++];\n  let y06 = prev[pi++] ^ input[ii++],\n    y07 = prev[pi++] ^ input[ii++];\n  let y08 = prev[pi++] ^ input[ii++],\n    y09 = prev[pi++] ^ input[ii++];\n  let y10 = prev[pi++] ^ input[ii++],\n    y11 = prev[pi++] ^ input[ii++];\n  let y12 = prev[pi++] ^ input[ii++],\n    y13 = prev[pi++] ^ input[ii++];\n  let y14 = prev[pi++] ^ input[ii++],\n    y15 = prev[pi++] ^ input[ii++];\n  // Save state to temporary variables (salsa)\n  let x00 = y00,\n    x01 = y01,\n    x02 = y02,\n    x03 = y03,\n    x04 = y04,\n    x05 = y05,\n    x06 = y06,\n    x07 = y07,\n    x08 = y08,\n    x09 = y09,\n    x10 = y10,\n    x11 = y11,\n    x12 = y12,\n    x13 = y13,\n    x14 = y14,\n    x15 = y15;\n  // Main loop (salsa)\n  for (let i = 0; i < 8; i += 2) {\n    x04 ^= rotl(x00 + x12 | 0, 7);\n    x08 ^= rotl(x04 + x00 | 0, 9);\n    x12 ^= rotl(x08 + x04 | 0, 13);\n    x00 ^= rotl(x12 + x08 | 0, 18);\n    x09 ^= rotl(x05 + x01 | 0, 7);\n    x13 ^= rotl(x09 + x05 | 0, 9);\n    x01 ^= rotl(x13 + x09 | 0, 13);\n    x05 ^= rotl(x01 + x13 | 0, 18);\n    x14 ^= rotl(x10 + x06 | 0, 7);\n    x02 ^= rotl(x14 + x10 | 0, 9);\n    x06 ^= rotl(x02 + x14 | 0, 13);\n    x10 ^= rotl(x06 + x02 | 0, 18);\n    x03 ^= rotl(x15 + x11 | 0, 7);\n    x07 ^= rotl(x03 + x15 | 0, 9);\n    x11 ^= rotl(x07 + x03 | 0, 13);\n    x15 ^= rotl(x11 + x07 | 0, 18);\n    x01 ^= rotl(x00 + x03 | 0, 7);\n    x02 ^= rotl(x01 + x00 | 0, 9);\n    x03 ^= rotl(x02 + x01 | 0, 13);\n    x00 ^= rotl(x03 + x02 | 0, 18);\n    x06 ^= rotl(x05 + x04 | 0, 7);\n    x07 ^= rotl(x06 + x05 | 0, 9);\n    x04 ^= rotl(x07 + x06 | 0, 13);\n    x05 ^= rotl(x04 + x07 | 0, 18);\n    x11 ^= rotl(x10 + x09 | 0, 7);\n    x08 ^= rotl(x11 + x10 | 0, 9);\n    x09 ^= rotl(x08 + x11 | 0, 13);\n    x10 ^= rotl(x09 + x08 | 0, 18);\n    x12 ^= rotl(x15 + x14 | 0, 7);\n    x13 ^= rotl(x12 + x15 | 0, 9);\n    x14 ^= rotl(x13 + x12 | 0, 13);\n    x15 ^= rotl(x14 + x13 | 0, 18);\n  }\n  // Write output (salsa)\n  out[oi++] = y00 + x00 | 0;\n  out[oi++] = y01 + x01 | 0;\n  out[oi++] = y02 + x02 | 0;\n  out[oi++] = y03 + x03 | 0;\n  out[oi++] = y04 + x04 | 0;\n  out[oi++] = y05 + x05 | 0;\n  out[oi++] = y06 + x06 | 0;\n  out[oi++] = y07 + x07 | 0;\n  out[oi++] = y08 + x08 | 0;\n  out[oi++] = y09 + x09 | 0;\n  out[oi++] = y10 + x10 | 0;\n  out[oi++] = y11 + x11 | 0;\n  out[oi++] = y12 + x12 | 0;\n  out[oi++] = y13 + x13 | 0;\n  out[oi++] = y14 + x14 | 0;\n  out[oi++] = y15 + x15 | 0;\n}\nfunction BlockMix(input, ii, out, oi, r) {\n  // The block B is r 128-byte chunks (which is equivalent of 2r 64-byte chunks)\n  let head = oi + 0;\n  let tail = oi + 16 * r;\n  for (let i = 0; i < 16; i++) out[tail + i] = input[ii + (2 * r - 1) * 16 + i]; // X ← B[2r−1]\n  for (let i = 0; i < r; i++, head += 16, ii += 16) {\n    // We write odd & even Yi at same time. Even: 0bXXXXX0 Odd:  0bXXXXX1\n    XorAndSalsa(out, tail, input, ii, out, head); // head[i] = Salsa(blockIn[2*i] ^ tail[i-1])\n    if (i > 0) tail += 16; // First iteration overwrites tmp value in tail\n    XorAndSalsa(out, head, input, ii += 16, out, tail); // tail[i] = Salsa(blockIn[2*i+1] ^ head[i])\n  }\n}\n// Common prologue and epilogue for sync/async functions\nfunction scryptInit(password, salt, _opts) {\n  // Maxmem - 1GB+1KB by default\n  const opts = checkOpts({\n    dkLen: 32,\n    asyncTick: 10,\n    maxmem: 1024 ** 3 + 1024\n  }, _opts);\n  const {\n    N,\n    r,\n    p,\n    dkLen,\n    asyncTick,\n    maxmem,\n    onProgress\n  } = opts;\n  assert.number(N);\n  assert.number(r);\n  assert.number(p);\n  assert.number(dkLen);\n  assert.number(asyncTick);\n  assert.number(maxmem);\n  if (onProgress !== undefined && typeof onProgress !== 'function') throw new Error('progressCb should be function');\n  const blockSize = 128 * r;\n  const blockSize32 = blockSize / 4;\n  if (N <= 1 || (N & N - 1) !== 0 || N >= 2 ** (blockSize / 8) || N > 2 ** 32) {\n    // NOTE: we limit N to be less than 2**32 because of 32 bit variant of Integrify function\n    // There is no JS engines that allows alocate more than 4GB per single Uint8Array for now, but can change in future.\n    throw new Error('Scrypt: N must be larger than 1, a power of 2, less than 2^(128 * r / 8) and less than 2^32');\n  }\n  if (p < 0 || p > (2 ** 32 - 1) * 32 / blockSize) {\n    throw new Error('Scrypt: p must be a positive integer less than or equal to ((2^32 - 1) * 32) / (128 * r)');\n  }\n  if (dkLen < 0 || dkLen > (2 ** 32 - 1) * 32) {\n    throw new Error('Scrypt: dkLen should be positive integer less than or equal to (2^32 - 1) * 32');\n  }\n  const memUsed = blockSize * (N + p);\n  if (memUsed > maxmem) {\n    throw new Error(`Scrypt: parameters too large, ${memUsed} (128 * r * (N + p)) > ${maxmem} (maxmem)`);\n  }\n  // [B0...Bp−1] ← PBKDF2HMAC-SHA256(Passphrase, Salt, 1, blockSize*ParallelizationFactor)\n  // Since it has only one iteration there is no reason to use async variant\n  const B = pbkdf2(sha256, password, salt, {\n    c: 1,\n    dkLen: blockSize * p\n  });\n  const B32 = u32(B);\n  // Re-used between parallel iterations. Array(iterations) of B\n  const V = u32(new Uint8Array(blockSize * N));\n  const tmp = u32(new Uint8Array(blockSize));\n  let blockMixCb = () => {};\n  if (onProgress) {\n    const totalBlockMix = 2 * N * p;\n    // Invoke callback if progress changes from 10.01 to 10.02\n    // Allows to draw smooth progress bar on up to 8K screen\n    const callbackPer = Math.max(Math.floor(totalBlockMix / 10000), 1);\n    let blockMixCnt = 0;\n    blockMixCb = () => {\n      blockMixCnt++;\n      if (onProgress && (!(blockMixCnt % callbackPer) || blockMixCnt === totalBlockMix)) onProgress(blockMixCnt / totalBlockMix);\n    };\n  }\n  return {\n    N,\n    r,\n    p,\n    dkLen,\n    blockSize32,\n    V,\n    B32,\n    B,\n    tmp,\n    blockMixCb,\n    asyncTick\n  };\n}\nfunction scryptOutput(password, dkLen, B, V, tmp) {\n  const res = pbkdf2(sha256, password, B, {\n    c: 1,\n    dkLen\n  });\n  B.fill(0);\n  V.fill(0);\n  tmp.fill(0);\n  return res;\n}\n/**\n * Scrypt KDF from RFC 7914.\n * @param password - pass\n * @param salt - salt\n * @param opts - parameters\n * - `N` is cpu/mem work factor (power of 2 e.g. 2**18)\n * - `r` is block size (8 is common), fine-tunes sequential memory read size and performance\n * - `p` is parallelization factor (1 is common)\n * - `dkLen` is output key length in bytes e.g. 32.\n * - `asyncTick` - (default: 10) max time in ms for which async function can block execution\n * - `maxmem` - (default: `1024 ** 3 + 1024` aka 1GB+1KB). A limit that the app could use for scrypt\n * - `onProgress` - callback function that would be executed for progress report\n * @returns Derived key\n */\nexport function scrypt(password, salt, opts) {\n  const {\n    N,\n    r,\n    p,\n    dkLen,\n    blockSize32,\n    V,\n    B32,\n    B,\n    tmp,\n    blockMixCb\n  } = scryptInit(password, salt, opts);\n  for (let pi = 0; pi < p; pi++) {\n    const Pi = blockSize32 * pi;\n    for (let i = 0; i < blockSize32; i++) V[i] = B32[Pi + i]; // V[0] = B[i]\n    for (let i = 0, pos = 0; i < N - 1; i++) {\n      BlockMix(V, pos, V, pos += blockSize32, r); // V[i] = BlockMix(V[i-1]);\n      blockMixCb();\n    }\n    BlockMix(V, (N - 1) * blockSize32, B32, Pi, r); // Process last element\n    blockMixCb();\n    for (let i = 0; i < N; i++) {\n      // First u32 of the last 64-byte block (u32 is LE)\n      const j = B32[Pi + blockSize32 - 16] % N; // j = Integrify(X) % iterations\n      for (let k = 0; k < blockSize32; k++) tmp[k] = B32[Pi + k] ^ V[j * blockSize32 + k]; // tmp = B ^ V[j]\n      BlockMix(tmp, 0, B32, Pi, r); // B = BlockMix(B ^ V[j])\n      blockMixCb();\n    }\n  }\n  return scryptOutput(password, dkLen, B, V, tmp);\n}\n/**\n * Scrypt KDF from RFC 7914.\n */\nexport function scryptAsync(_x, _x2, _x3) {\n  return _scryptAsync.apply(this, arguments);\n}\n//# sourceMappingURL=scrypt.js.map\nfunction _scryptAsync() {\n  _scryptAsync = _asyncToGenerator(function* (password, salt, opts) {\n    const {\n      N,\n      r,\n      p,\n      dkLen,\n      blockSize32,\n      V,\n      B32,\n      B,\n      tmp,\n      blockMixCb,\n      asyncTick\n    } = scryptInit(password, salt, opts);\n    for (let pi = 0; pi < p; pi++) {\n      const Pi = blockSize32 * pi;\n      for (let i = 0; i < blockSize32; i++) V[i] = B32[Pi + i]; // V[0] = B[i]\n      let pos = 0;\n      yield asyncLoop(N - 1, asyncTick, i => {\n        BlockMix(V, pos, V, pos += blockSize32, r); // V[i] = BlockMix(V[i-1]);\n        blockMixCb();\n      });\n      BlockMix(V, (N - 1) * blockSize32, B32, Pi, r); // Process last element\n      blockMixCb();\n      yield asyncLoop(N, asyncTick, i => {\n        // First u32 of the last 64-byte block (u32 is LE)\n        const j = B32[Pi + blockSize32 - 16] % N; // j = Integrify(X) % iterations\n        for (let k = 0; k < blockSize32; k++) tmp[k] = B32[Pi + k] ^ V[j * blockSize32 + k]; // tmp = B ^ V[j]\n        BlockMix(tmp, 0, B32, Pi, r); // B = BlockMix(B ^ V[j])\n        blockMixCb();\n      });\n    }\n    return scryptOutput(password, dkLen, B, V, tmp);\n  });\n  return _scryptAsync.apply(this, arguments);\n}","map":null,"metadata":{},"sourceType":"module","externalDependencies":[]}